In echoes of the Ukrainian NotPetya attack from June this year, the enormously popular tool CCleaner (originally known as Cr*pCleaner) has been found to have been compromised and used as a potential attack vector for a sophisticated cyber-attack.
With some 2 billion downloads and a highly active user base, CCleaner has been a popular choice for years for users looking to remove "bloat" and unwanted software from their computers. Ironically, this very tool had been compromised for over a month before it was found to be the distribution mechanism for malware that could be used to obtain valuable and sensitive data from users' systems.
Earlier this year our work on the ground in Ukraine found that the MeDoc accounting software had been compromised and used to distribute highly damaging malware, now known as NotPetya. This attack has been found to have caused hundreds of millions of dollars of damage to many multi-national organisations, affected through the increasingly interconnected nature of our global businesses.
Compromising the distribution mechanism of popular and global tools promises to cause a disturbing increase in attacks and speaks to the ever-growing sophistication of organised criminals.
Earlier this week the torrent distribution website The Pirate Bay was also found to be covertly using visitors' computers to "mine" for the potentially valuable cryptocurrency Monero.
Most visitors to the website would have had little indication that their computer was being used for this potentially illegitimate and uninvited purpose. Whether using visitors' processors to gain financial advantage, instead of serving intrusive adverts, is the lesser of two evils opens up a debate about the commoditisation of visitors' eyeballs versus their CPUs.
As ever, we advise caution when downloading any tools from open internet sources or when visiting less trustworthy websites. Maintaining your computer software health through regular patching can help reduce the risk of contamination by malware and keep you safer online.
The affected app, CCleaner, is maintenance and file clean-up software run by a subsidiary of anti-virus giant Avast. It has 2 billion downloads and claims to be getting 5 million extra a week, making the threat particularly severe, researchers at Cisco Talos warned. The malware would send encrypted information about the infected computer (the name of the computer, installed software and running processes) back to the hackers' server. The hackers also used what's known as a domain generation algorithm (DGA): whenever the crooks' server went down, the DGA could create new domains to receive and send stolen data. Use of DGAs shows some sophistication on the part of the attackers.
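DGA traffic is usually easiest to spot in DNS logs rather than in the binary itself: a single host resolving a run of long, high-entropy, vowel-poor, digit-heavy names is a strong signal. The following is an added example, not code from this article or from Cisco Talos, of a simple heuristic detector run over a few constructed DNS log lines. The log format (`<time> <client> <qname>`), the sample names (none of which are the real CCleaner domains) and the feature thresholds are all assumptions for illustration; a production detector would also use a public-suffix list, NXDOMAIN rates and allow-listing.

```python
import math
from collections import Counter

# Constructed sample DNS query log (hypothetical "<time> <client> <qname>" format).
# The algorithmic-looking names are made up for this example.
SAMPLE_DNS_LOG = """\
2017-09-18T10:01:02Z 10.0.0.15 www.example.com
2017-09-18T10:01:05Z 10.0.0.15 xk7qzt9fwb3hrs1m.net
2017-09-18T10:01:09Z 10.0.0.22 mail.google.com
2017-09-18T10:01:11Z 10.0.0.15 4f2a9c1e7b3d0e5a.com
2017-09-18T10:01:15Z 10.0.0.31 cdn.cloudflare.com
2017-09-18T10:01:18Z 10.0.0.22 stackoverflow.com
2017-09-18T10:01:20Z 10.0.0.15 p1q2w3e4r5t6y7u8.info
"""

VOWELS = set("aeiou")

# Assumed feature thresholds; tune against your own baseline traffic.
ENTROPY_MIN = 3.5      # bits per character of the registered label
VOWEL_RATIO_MAX = 0.25 # natural-language labels tend to have more vowels
DIGIT_RATIO_MIN = 0.2  # many DGAs mix digits into the label
LENGTH_MIN = 12        # DGA labels are typically long
FLAG_THRESHOLD = 3     # number of features that must fire (out of 4)


def shannon_entropy(s):
    """Shannon entropy in bits per character of the string s."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def registered_label(qname):
    """Naive registered label: the label just left of the TLD.
    Caveat: multi-part suffixes such as co.uk need a public-suffix list."""
    labels = qname.lower().strip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def dga_score(label):
    """Count how many DGA-like features the label exhibits (0..4)."""
    if not label:
        return 0
    n = len(label)
    entropy = shannon_entropy(label)
    vowel_ratio = sum(ch in VOWELS for ch in label) / n
    digit_ratio = sum(ch.isdigit() for ch in label) / n
    score = 0
    score += entropy >= ENTROPY_MIN
    score += vowel_ratio < VOWEL_RATIO_MAX
    score += digit_ratio >= DIGIT_RATIO_MIN
    score += n >= LENGTH_MIN
    return int(score)


def is_dga_like(label):
    return dga_score(label) >= FLAG_THRESHOLD


def scan_dns_log(text):
    """Return (client, qname, score) for every query whose registered label looks generated."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than crash on them
        _ts, client, qname = parts
        label = registered_label(qname)
        score = dga_score(label)
        if score >= FLAG_THRESHOLD:
            hits.append((client, qname, score))
    return hits


def flagged_by_client(hits):
    """Pivot the hits per source host: one host with many hits is the real signal."""
    return Counter(client for client, _qname, _score in hits)


if __name__ == "__main__":
    found = scan_dns_log(SAMPLE_DNS_LOG)
    for client, qname, score in found:
        print(f"{client} -> {qname} (score {score})")
    print("per-client:", dict(flagged_by_client(found)))
```

Note that a long but pronounceable name such as `stackoverflow` trips the entropy and length features but not the vowel or digit ones, so it stays below the threshold; the point of scoring several weak features rather than one is exactly to keep such legitimate names out while still catching the hex- and digit-heavy labels a DGA tends to emit.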