CCleaner Compromised to Distribute Malware for Almost a Month
Threat actor compromised CCleaner infrastructure
"Cisco Talos believes that a threat actor might have compromised Avast's supply chain and used its digital certificate to replace the legitimate CCleaner v5.33 app on its website with one that also contained the Floxif trojan."
basically, at this point … nobody yet knows how the certificate was breached (allegedly) … inside job or not. and our own local anti-virus and malware-sniffers were unable to spot it … simply because the digital signature was 'authentic'.
notwithstanding … could this be the tactic in the near future? could hackers start inserting their malware under the guise of valid certificates … such as what happened here? and then upload it into a secure server of a prominent security exchange?
i mean, if it happened in this scenario … it can definitely happen within a controlled environment. thereby … microsoft will need to resort to creating 2fa and 3fa when it comes to digital certificates? "yes, this certificate is authentic … let's check the ans data-streams for a second-seal and third-seal."
i can see yet another type of security software looming on the horizon … "we will 'validate' your valid certificates by intervening with the ceo within each company … i.e. is this certificate really valid, or does it just state it is valid?" oh yeah … and this new enterprising company will charge $69 for a year-long subscription.
neemo … just out of curiosity, have you tried downloading that nefarious 32-bit version of ccleaner-5.33 onto your computer … and did you sic webroot anti-virus on it? and what were the results? did the product question the operator about the install/certificate?
i think a consortium of some real brainiacs needs to assemble and manifest one single all-encompassing security sentry … that system will know every possible way of exploiting any software. you mock me and say "designing such a system would never be possible" … to which i quietly challenge "you got a better idea?"
anyway … thanks for this post, mike … once again, i am enlightened.
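The "second seal" the poster asks about can be approximated today without any new vendor: treat a valid code-signing signature as necessary but not sufficient, and also require the file hash to match a manifest obtained out of band (pinned by the enterprise or fetched from the vendor over a separate channel). The following is an added illustration, not code from the thread or from Avast/Piriform; the signer name, file contents and hashes are constructed placeholders, and the signature-validity flag is assumed to come from the platform's own Authenticode check.

```python
"""Second-seal trust decision for a signed installer.

A trojanized build signed with the publisher's real key passes step (1) and (2)
below, exactly as in the CCleaner 5.33 case, and is only caught by step (3):
its hash is absent from the independently published manifest.
All sample values are constructed placeholders, not real CCleaner data.
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class SignedArtifact:
    name: str
    data: bytes
    signature_valid: bool  # assumed result of the OS Authenticode verification
    signer: str            # subject CN of the signing certificate


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def trust_decision(artifact, expected_signers, pinned_hashes, blocklist):
    """Return (trusted, reason). Blocklist is consulted first so a known-bad
    build is rejected even when its signature is genuine."""
    digest = sha256_hex(artifact.data)
    if digest in blocklist:
        return False, "hash is on the blocklist"
    if not artifact.signature_valid:                       # (1) signature verifies
        return False, "signature does not verify"
    if artifact.signer not in expected_signers:            # (2) expected publisher
        return False, f"unexpected signer {artifact.signer!r}"
    if digest not in pinned_hashes:                        # (3) out-of-band manifest
        return False, "valid signature, but hash not in the out-of-band manifest"
    return True, "signature, signer and manifest hash all agree"


# Constructed sample inputs: both files carry a genuine signature from the same key.
GOOD = SignedArtifact("installer-clean.exe", b"constructed clean build", True, "Example Vendor Ltd")
TAMPERED = SignedArtifact("installer-trojanized.exe", b"constructed trojanized build", True, "Example Vendor Ltd")
EXPECTED_SIGNERS = {"Example Vendor Ltd"}
PINNED_HASHES = {sha256_hex(GOOD.data)}  # manifest pinned by the enterprise
BLOCKLIST = set()

if __name__ == "__main__":
    for artifact in (GOOD, TAMPERED):
        print(artifact.name, trust_decision(artifact, EXPECTED_SIGNERS, PINNED_HASHES, BLOCKLIST))
```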
Found this very interesting. Basically CCleaner was compromised and basically did almost nothing to the general public. Specific tech companies were targeted and received 2nd and 3rd stage payloads which, based on their sophistication, could be nation-state or criminal organization sponsored efforts. "CCleaner backdoor infecting millions delivered mystery payload to 40 PCs"