Backdoor Hidden by Hackers Discovered in CCleaner Security App

The attack mirrors the NotPetya ransomware technique of compromising a software provider that is trusted by consumers

News broke that users of Avast-owned security application CCleaner for Windows have been advised to update their software immediately, after researchers discovered criminal hackers had installed a backdoor in the tool.

The tainted application allows for download of further malware, be it ransomware or keyloggers, with fears millions are affected.

Ofer Maor, director of enterprise solutions at Synopsys, said: "The recent incident with Avast’s platform CCleaner shows how attackers are stepping up their game to attack more allegedly secure customers. While recent ransomware attacks mostly affected random users with minimal consideration to the maintenance of their computer (such as installing updates), this attack targets the very users who follow best practices and regularly maintain their computer. And they do it by taking advantage of the very vendor the users expect to trust.

"Attacks like this are likely the result of insufficient security and quality controls by the vendor, allowing attackers to maliciously inject code while the software is being created. These insufficient controls, however, are not the result of extreme negligence. They are, indeed, the standard for many vendors.

"These types of attacks just demonstrate the need for the software industry to mature itself the way other engineering disciplines have been in the past. We no longer accept lack of such controls in our cars or our bridges, and as the customers, we should no longer accepts such oversights with software."

Javvad Malik, security advocate at AlienVault, said: "The attack mirrors the NotPetya ransomware technique of compromising a software provider that is trusted by consumers. A technique that is being used more often, even targeting security companies. It is therefore important that companies deploy effective threat detection and integrity controls to be able to identify where unauthorised access has been attempted or code has been changed."


Around The World