Skip to main content

CCleaner attack targeted specific companies

(Image credit: Image source: Shutterstock/GlebStock)

Even though CCleaner is a consumer product with probably millions of machines around the world having installed it, the recent malware attack that hijacked the software actually targeted a business audience.

This was confirmed by Avast CEO Vince Steckler, who said the attack, typically called a watering hole attack, targeted large technology and telecommunications companies in Japan, Taiwan, UK, Germany and the US. Names were not disclosed, but Avast did reach out to affected companies and is helping them remedy the problem.  

According to the update, the second stage payload was spotted on 20 machines in eight companies, but the number of machines actually affected will probably only reach three digits.

Avast said it is continuing its work with law enforcement agencies to find out who is behind the attack.

The attack was announced earlier this week, as the popular disk cleaning utility tool was hijacked by attackers who used the tool to spread malware.

Researchers from Cisco's Talos security arm discovered that attackers had gained access to and hidden malware inside of version 5.33 of the software which was available for download between August 15 to September 12, 2017. 

Not only were new users downloading the software for the first time affected but also any user who updated their version of CCleaner during that time period could now have malware installed on their system.

In a statement, Avast told ITProPortal that none of the compromised data was sensitive information, and that the server which had received the data has now been taken down.

Image source: Shutterstock/GlebStock