plancros.blogg.se

Ccleaner attack












For some reason, we keep hearing variations on the same theme: “Our company is not a major player; it wouldn’t be interesting to an attacker.” However popular, it is a misconception. Here is one example of how an APT operator used a small company in a supply chain attack.

During the Security Analyst Summit, which took place earlier this month, our colleagues at AVAST presented the case of Piriform, a small British company they acquired last year. Piriform is famous for its CCleaner utility - software for cleaning potentially unwanted files and invalid Windows Registry entries. In fact, it is one of the oldest system cleaners, and it’s been downloaded more than 2 billion times. That’s probably why it was chosen by APT actors as a way to spread spyware.

Initially, malefactors compromised Piriform’s compilation environment by infecting the server where programs were built. Although the source code was clean, the compiled builds contained malware that later was used for the attack. Furthermore, thanks to the altered compiler library, the malware obtained a legitimate Piriform digital signature. The attack scheme itself was quite complicated, consisting of at least three stages.

The malware, hidden in a popular application with about 100 million active users, was distributed for a month. About 2.27 million people downloaded the compromised program, and at least 1.65 million copies of the malware attempted to communicate with the criminals’ servers.











