Popular CCleaner security software modified to distribute malware

09/18/2017

The popular security tool for computer maintenance has suffered a security incident: an intrusion into the company's systems meant that, from August to September 12, the distributed version of the software contained malware, putting at risk slightly more than two million users according to the company's own usage data.

The malware included in the modified and distributed CCleaner binary was digitally signed by the company itself, so the attacker also had access to this information. The distributed version contained a backdoor and botnet functionality, such as the use of "DGA" domains and the ability to communicate with a command-and-control server. The information this malware collected from affected computers included the computer name, installed software, running processes, MAC addresses and the privileges with which the software was running.