Previously, researchers found no evidence that any of the computers infected by the booby-trapped version of the widely used CCleaner utility had received a second-stage payload the backdoor was capable of delivering.
Of the 700,000 infected PCs, 20 belonging to highly targeted companies received the second stage, according to an analysis published Wednesday by Cisco Systems' Talos Group.
Again, because the data covers only a small fraction of the time the backdoor was active, both Avast and Talos believe the true number of targets and victims was much bigger.
Craig Williams, a senior technology leader and global outreach manager at Talos, said the code contains a "fileless" third stage that's injected into computer memory without ever being written to disk, a feature that makes analysis more difficult.
Combined, the information would not only allow attackers to further infect computers belonging to a small set of targeted organizations but would also ensure the later-stage payload is stable and undetectable.
- Researchers: CCleaner attack aimed at major tech companies (CNET)
- Tech companies targeted by sophisticated malware attack (The Mercury News)
- CCleaner Outbreak Looks Worse Than We First Thought (Lifehacker Australia)
- CCleaner hackers attacked Microsoft, Intel, Cisco, and other tech giants (TechRepublic)
- The CCleaner Attack Was Worse Than We Knew (Gizmodo Australia)
- Avast, Cisco Confirm: CCleaner Malware Targeted Large Technology Companies (Tom's Hardware)
- Insidious 'attack within an attack' found in popular CCleaner program (USA TODAY)
- CCleaner Hack May Have Been A State-Sponsored Attack On 18 Major Tech Companies (Techdirt)
- CCleaner malware: Avast admits it was wrong on payload (iTWire)