The complex second-stage payload comes in two parts: the first contains the main business logic and is heavily obfuscated, using anti-debugging and anti-emulation techniques to stay hidden from security tools. However, a screenshot provided by Cisco Talos showed a number of domains that the attackers were looking to compromise, including ones linked to Sony, Microsoft, VMware, Vodafone, O2, Singtel, Linksys, Gmail, D-Link, Intel, Samsung, HTC and Cisco itself.Ĭisco suggested this evidence reveals “a very focused actor after valuable intellectual property.” “Given that CCleaner is a consumer-oriented product, this was a typical watering hole attack where the vast majority of users were uninteresting for the attacker, but select ones were,” said the duo.Īvast refused to name the targets publicly. The initial attack affected 2.27 million CCleaner customers, meaning the collateral damage was huge.
#Ccleaner malware in avast update#
Server logs indicate eight tech and telecoms firms received the payload, with potentially hundreds of machines infected – although only 20 were spotted during the three days logs were collected for, according to an update from Avast CEO, Vince Steckler and CTO Ondrej Vlcek. Updates from both Cisco Talos and Avast – the company which now owns CCleaner developer Periform – explained that, contrary to initial impressions, a second stage payload was delivered from the C&C server. A cyber-attack revealed this week which spread via popular performance optimization tool CCleaner was designed to target several major technology firms, it has emerged.
0 kommentar(er)
