It is difficult to say at this moment how many users might have been affected, but the numbers could be huge. They are also investigating how the files coming from their servers were modified before being released to the public. Piriform is aware of the situation and is acting to prevent further damage. The incident was discovered and reported by Talos. In case you are wondering why they were on those servers, Avast acquired Piriform, the original publishers of CCleaner, a few months ago. Threat actors have managed to change the files that were being delivered by Avast servers hosting CCleaner updates.
Ccleaner piriform news software#
In a supply chain attack that may be unprecedented in the number of downloads, servers hosting CCleaner, a popular tool for cleaning up the PC, has been delivering a version of the said software with malware.
Ccleaner piriform news 64 Bit#
The trojan itself reportedly only ran on Windows 32 bit systems, but the values above were created on 64 bit systems as well. Malwarebytes will detect the presence of those values and flag them as These values are not created by any clean versions of CCleaner, just by the infected ones.
HKEY_LOCAL_MACHINE\SOFTWARE\Piriform\Agomo
Users that are unsure whether they were affected by this and whether their data may have been sent to the C2 server can check for the presence of the following values under the registry key: One point we should take note of is that the breach preceded the take-over of Piriform by Avast. Avast posted a clarification explaining what happened and giving a timeline of the events.
0 kommentar(er)
