Secplicity – Security Simplified

Avast’s CCleaner Update Distributes Malware to Millions

This morning, The Verge reported an unusual attack on CCleaner, the flagship application of Avast-owned Piriform. According to security researchers at Cisco Talos, hackers injected malware into the app’s software update, which was then downloaded by 2.27 million users. CCleaner’s primary function is to perform routine maintenance and cleanup on PCs, in addition to offering other privacy protections.

“For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner,” said researchers. Dubbed “crap cleaner,” Avast’s CCleaner application has been downloaded more than 2 billion times worldwide and boasts a growth rate of 5 million desktop installs per week, making it a prime target for cybercriminals.

Here’s an excerpt from The Verge’s story highlighting why this particular security breach is remarkable: “This is an unusual attack as software similar to CCleaner is trusted by consumers and meant to remove ‘crapware’ from a system. By exploiting the trust relationship between software vendors and the users of their software, attackers can benefit from users’ inherent trust in the files and web servers used to distribute updates.”

This attack is not the first of its kind, and it is part of a trend that security researchers and threat analysts will definitely be monitoring more closely moving forward. As The Verge noted in its article, cybercriminals successfully breached the Ukrainian company MeDoc earlier this year, then used similar distribution tactics to spread the infamous Petya ransomware.

Read more about the CCleaner security breach on The Verge, or read Cisco Talos’s blog post for more technical details.

Read more about how to defend against JavaScript malware or about malware obfuscation on Secplicity.
