Malware that piggybacked on CCleaner, a popular free software tool for optimizing system performance on PCs, appears to have specifically targeted high-profile technology companies and may have been an attempt to harvest IP — perhaps for commercial or state-level espionage.
So while the malware infected a total of 2.27M PCs between August 15, 2017 and September 15, 2017 — using CCleaner version 5.33.6162 as its distribution vehicle — the attackers behind it appear to have been interested in only a specific subset of PC users working for tech firms.
Meanwhile security researchers at Cisco Talos, who are also analyzing the CCleaner malware (using a digital copy of the attackers’ server passed to them by an unnamed source, which Talos says it has verified to its own satisfaction) and publishing rather more detail as they do so, have revealed the below list of company domains which were apparently specifically targeted for delivery of the malware’s second-stage loader.
The list apparently includes mobile makers Samsung, HTC and Sony, as well as telcos Singtel, Vodafone and O2, plus tech firms Cisco, Intel, VMware, Google and Microsoft.
In its assessment of the second stage payload — i.e. the bit intended for the select tech targets — Avast describes the malware as a “relatively complex piece of code”, noting it is “heavily obfuscated and uses a number of anti-debugging and anti-emulation tricks”.