Over 2 million users of Piriform’s CCleaner application have been advised to update their software NOW to version 5.34, after Cisco’s Talos discovered a very well hidden piece of malware: hackers used a backdoor in the site and embedded the malicious code into the software itself.
If you downloaded software version 5.33 between August 15th and September 12th, you might be one of the unlucky ones; the same applies if you are running CCleaner Cloud 1.07.
“The compromise could cause the transmission of non-sensitive data (computer name, IP address, list of installed software, list of active software, list of network adapters) to a third party computer server in the USA,” said Piriform in this blog post. “We have no indications that any other data has been sent to the server… We are continuing to investigate how this compromise happened, who did it, and why. We are working with US law enforcement in their investigation. A more technical description of the issue is on our Piriform blog.”
Talos reports: “In analyzing DNS-based telemetry data related to this attack, Talos identified a significant number of systems making DNS requests attempting to resolve the domains associated with the aforementioned DGA domains. As these domains have never been registered, it is reasonable to conclude that the only conditions in which systems would be attempting to resolve the IP addresses associated with them is if they had been impacted by this malware.”
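The Talos reasoning above is a useful detection pattern on its own: if the DGA domains were never registered, any host that tries to resolve them is, in practice, running the implant. The script below is an added example (not code from the original post, from Piriform, or from Cisco Talos) that applies that logic to DNS query logs. The watchlist domains, the log format and the log lines are constructed placeholders, not the real indicators, and the `nxdomain_ratio` heuristic goes a step beyond the quote: it flags hosts with an unusually high share of failed lookups even when no watchlist is available.

```python
"""Added example (not from the original post, Piriform or Cisco Talos):
flag hosts whose DNS queries hit a watchlist of never-registered DGA
domains, plus a generic NXDOMAIN-ratio heuristic for hosts without a
watchlist match. All domains and log lines are constructed placeholders."""
import re
from collections import defaultdict

# Constructed watchlist of DGA-style names (placeholders, NOT the real IoCs).
DGA_WATCHLIST = {
    "ab6d54340c1a.example",
    "aba9a949bc1d.example",
    "ab2da3d400c20.example",
}

# Constructed log format, one query per line: "<time> <client_ip> <qname> <rcode>"
LOG_LINE = re.compile(
    r"^(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)\s+(NOERROR|NXDOMAIN|SERVFAIL)$"
)

# Constructed sample telemetry; 10.0.0.7 and 10.0.0.9 query watchlisted names.
SAMPLE_LOG = """\
2017-09-13T10:00:01Z 10.0.0.5 www.example.com NOERROR
2017-09-13T10:00:02Z 10.0.0.7 ab6d54340c1a.example NXDOMAIN
2017-09-13T10:00:03Z 10.0.0.7 aba9a949bc1d.example NXDOMAIN
2017-09-13T10:00:04Z 10.0.0.5 mail.example.com NOERROR
2017-09-13T10:00:05Z 10.0.0.9 ab2da3d400c20.example NXDOMAIN
2017-09-13T10:00:06Z 10.0.0.9 typo-in-url.example NXDOMAIN
2017-09-13T10:00:07Z garbage line that does not parse
"""


def parse_dns_log(text):
    """Yield (client_ip, qname, rcode) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        m = LOG_LINE.match(line.strip())
        if m:
            _, client, qname, rcode = m.groups()
            # Normalise the name so trailing dots / case differences do not hide a hit.
            yield client, qname.lower().rstrip("."), rcode


def find_suspect_hosts(text, watchlist=DGA_WATCHLIST):
    """Return {client_ip: sorted watchlisted names it tried to resolve}.

    The response code is deliberately ignored here: a watchlisted name that
    suddenly resolves (someone registered or sinkholed it) is just as much
    evidence of an infected host as an NXDOMAIN answer.
    """
    hits = defaultdict(set)
    for client, qname, _rcode in parse_dns_log(text):
        if qname in watchlist:
            hits[client].add(qname)
    return {ip: sorted(names) for ip, names in hits.items()}


def nxdomain_ratio(text):
    """Return {client_ip: fraction of its queries answered NXDOMAIN}.

    A single failed lookup is normal (typos, stale records). A host whose
    lookups mostly fail is behaving like something cycling through generated
    names, which is worth a closer look even without a watchlist match.
    """
    total = defaultdict(int)
    failed = defaultdict(int)
    for client, _qname, rcode in parse_dns_log(text):
        total[client] += 1
        if rcode == "NXDOMAIN":
            failed[client] += 1
    return {ip: failed[ip] / total[ip] for ip in total}


if __name__ == "__main__":
    for ip, names in sorted(find_suspect_hosts(SAMPLE_LOG).items()):
        print(f"{ip}: queried watchlisted DGA domain(s): {', '.join(names)}")
    for ip, ratio in sorted(nxdomain_ratio(SAMPLE_LOG).items()):
        print(f"{ip}: NXDOMAIN ratio {ratio:.2f}")
```

In a real deployment the watchlist would come from the published indicators and the log parser would be swapped for your resolver's actual format; the two functions are independent, so the ratio heuristic can run on its own when no indicators are available yet.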