Hackers are now targeting software supply chains, vendors and trusted app stores, carefully injecting their malicious code so that it is downloaded and run by more users.
This is what happened with the free cleanup tool named CCleaner by Piriform.
It has been reported that millions of people have downloaded the tainted copy of CCleaner. Users who downloaded it via Google Play were compromised in a sophisticated manner in August. It took until mid-September before it was spotted and fixed.
This method of infecting the digital supply chain has been used three times in the last three months, which in turn gave hackers the opportunity to implant tainted code and stealthily spread their malicious code.
Piriform, which is owned by Avast and developed the apps, has apologized to its users.
More than 2 million people have downloaded this on their Android devices. According to them, malicious code attempted to connect computers to registered web domains, which turns out to be a common tool used by hackers to download further malware onto infected computers.
Avast, which is their parent company, determined on the 12th of September that the 32-bit versions of its CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 products, which may have been used by up to 3% of its users, had been compromised in a sophisticated manner.
As of now, the safe version has been released.
It sounds ironic, because the software is designed to clean the device it is installed on.
Piriform’s vice president of products, Paul Yung, said: “We would like to apologize for a security incident that we have recently found in CCleaner version 5.33.6162 and CCleaner Cloud version 1.07.3191.
“A suspicious activity was identified on September 12 2017, where we saw an unknown IP address receiving data from software found in version 5.33.6162 of CCleaner, and CCleaner Cloud version 1.07.3191, on 32-bit Windows systems.
“Based on further analysis, we found that the 5.33.6162 version of CCleaner and the 1.07.3191 version of CCleaner Cloud was illegally modified before it was released to the public, and we started an investigation process.
“We also immediately contacted law enforcement units and worked with them on resolving the issue.”
Mr Yung said the company could not yet confirm how the malicious code had appeared in its software and “would not like to speculate”, but added that an investigation was “ongoing”.
“Before delving into the technical details, let me say that the threat has now been resolved in the sense that the rogue server is down, other potential servers are out of the control of the attacker, and we’re moving all existing CCleaner v5.33.6162 users to the latest version,” he said.
“Users of CCleaner Cloud version 1.07.3191 have received an automatic update. In other words, to the best of our knowledge, we were able to disarm the threat before it was able to do any harm. We are taking detailed steps internally so that this does not happen again, and to ensure your security while using any of our Piriform products.
“Users of our cloud version have received an automated update. For all other users, if you have not already done so, we encourage you to update your CCleaner software to version 5.34 or higher.”
Hopefully these strategic attacks on digital supply chains get stopped. Otherwise, malware and hacking incidents will grow to gigantic proportions.