
Secplicity - Security Simplified

Powered by WatchGuard Technologies

Avast’s CCleaner Update Distributes Malware to Millions

September 18, 2017 By The Editor

This morning, The Verge reported an unusual attack on CCleaner, the flagship application of Avast-owned Piriform. According to security researchers at Cisco Talos, hackers injected malware into the app’s software update, which was then downloaded by 2.27 million users. CCleaner’s primary function is to perform routine maintenance and cleanup on PCs, in addition to offering other privacy protections.

“For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner,” said researchers. Dubbed “crap cleaner,” Avast’s CCleaner application has been downloaded more than 2 billion times worldwide and boasts a growth rate of 5 million desktop installs per week, making it a prime target for cybercriminals.

Here’s an excerpt from The Verge’s story highlighting why this particular security breach is remarkable: “This is an unusual attack as software similar to CCleaner is trusted by consumers and meant to remove ‘crapware’ from a system. By exploiting the trust relationship between software vendors and the users of their software, attackers can benefit from users’ inherent trust in the files and web servers used to distribute updates.”

This attack is not the first of its kind, and it is part of a trend that security researchers and threat analysts will definitely be monitoring more closely moving forward. As The Verge noted in its article, cybercriminals successfully breached the Ukrainian company MeDoc earlier this year, then used similar distribution tactics to spread the infamous Petya ransomware.

Read more about the CCleaner security breach on The Verge, or read Cisco Talos’s blog post for more technical details.

Read more about how to defend against JavaScript malware or about malware obfuscation on Secplicity.
