CCleaner Malware Incident - What You Need to Know and How to Remove, subheading: Why didn't antivirus software catch the infection?

"The CCleaner binary that included the malware was signed using a valid digital certificate."

CCleaner Compromised to Distribute Malware for Almost a Month, subheading: Threat actor compromised CCleaner infrastructure

"Cisco Talos believes that a threat actor might have compromised Avast's supply chain and used its digital certificate to replace the legitimate CCleaner v5.33 app on its website with one that also contained the Floxif trojan."

basically, at this point … nobody yet knows how the certificate was breached (allegedly) … inside job or not. and our own local anti-virus and malware-sniffers were unable to spot it … simply because the digital signature was 'authentic'.
notwithstanding … could this be the tactic in the near future? could hackers start inserting their malware under the guise of valid certificates … such as what happened here? and then upload it onto a secure server of a prominent security exchange?

i mean, if it happened in this scenario … it can definitely happen within a controlled environment. thereby … will microsoft need to resort to creating 2fa and 3fa when it comes to digital certificates? "yes, this certificate is authentic … let's check the ans data-streams for a second-seal and third-seal." i can see yet another type of security software looming on the horizon … "we will 'validate' your valid certificates by intervening with the ceo within each company … i.e. is this certificate really valid, or does it just state it is valid?" oh yeah … and this new enterprising company will charge $69 for a year-long subscription.
neemo … just out of curiosity, have you tried downloading that nefarious 32bit version of ccleaner-5.33 onto your computer … and did you sic webroot anti-virus on it? and what were the results? did the product question the operator about the install/certificate?
i think a consortium of some real brainiacs needs to assemble and manifest one single all-encompassing security sentry … that system will know every possible way of exploiting any software. you mock me and say "designing such a system would never be possible" … to which i quietly challenge "you got a better idea?"

anyway … thanks for this post, mike … once again, i am enlightened.