Slyguy

Level 40
....... You think these programs can't be hacked ....... like we all have been thinking that CCleaner can't be hacked ....... (all is the same story, too).
Yup. Worse, the security of folks using CCleaner was seemingly fully bypassed by this. Rendering it nothing more than security theater for the most part.

Think about this... Some criticized me in another thread after my extensive, well-secured gateway/network was compromised by a hijacked Trend Micro update. These same people were possibly compromised by this, or certainly would have been. Even IF some security product warned about CCleaner, how fast would most people whitelist it out of habit with the assumption that CCleaner was always safe?
 

L S

Level 5
Verified
Yup. Worse, the security of folks using CCleaner was seemingly fully bypassed by this. Rendering it nothing more than security theater for the most part.

Think about this... Some criticized me in another thread after my extensive, well-secured gateway/network was compromised by a hijacked Trend Micro update. These same people were possibly compromised by this, or certainly would have been. Even IF some security product warned about CCleaner, how fast would most people whitelist it out of habit with the assumption that CCleaner was always safe?
I didn't criticize anyone, I just say NOTHING IS SAFE!!!
 

spaceoctopus

Level 15
Content Creator
Verified
It really is hard to trust an app that has been compromised in such a way, and I suspect that the compromise was from the "inside", i.e. Piriform inserted that backdoor intentionally! Just my opinion!! :)
You are right when you say that it is difficult to trust the product again. But let's be realistic, these things happen.
It's serious, but there have been, let's say, more serious things than that. For example, when Norton had to patch several vulnerabilities in their security products that could easily be exploited. Or Duqu, which was present in Kaspersky's network. Or Bitdefender, which suffered a breach of its systems with user data stolen.
The important thing is that the attack has been discovered and stopped.
 

Slyguy

Level 40
It really is hard to trust an app that has been compromised in such a way, and I suspect that the compromise was from the "inside", i.e. Piriform inserted that backdoor intentionally! Just my opinion!! :)
Piriform is mysteriously quiet about this. They should have a giant banner on their website about it. IMO.

By the way Cujo was compromised and didn't disclose it. People suddenly had accounts hacked, bad logins to their accounts, etc. Since Cujo acts as a proxy for your network, there is little they couldn't steal from your network. But Cujo appeared to go out of their way to mask the compromise.

I think it is telling how a firm reacts, informs and changes as the result of a compromise.

FYI: Norton actually had the source code for Norton AV stolen in a compromise. Anyone remember that?
 

spaceoctopus

Level 15
Content Creator
Verified
Piriform is mysteriously quiet about this. They should have a giant banner on their website about it. IMO.

By the way Cujo was compromised and didn't disclose it. People suddenly had accounts hacked, bad logins to their accounts, etc. Since Cujo acts as a proxy for your network, there is little they couldn't steal from your network. But Cujo appeared to go out of their way to mask the compromise.

I think it is telling how a firm reacts, informs and changes as the result of a compromise.

FYI: Norton actually had the source code for Norton AV stolen in a compromise. Anyone remember that?
Good point, Piriform should have a big banner on their websites. But at this point it's more about communication, because it is a complex situation.
It's not only Avast or Piriform that have been caught off guard, but also many major security companies. This can explain why you don't see many of them talking about this situation on their blogs ;)
They will start to do so when their signatures are updated with the latest definitions to deal with this problem.
 

Elpibe

Level 3
Why so many criticisms of CCleaner? Windows made a LOT of mistakes and people still recommend it. LastPass, which wins every poll, was hacked; e.g. hackernoon (where I read it first) showed that URLs weren't encrypted at all (I use these 2 examples because I didn't want to update my Windows and because now I'm looking for a password manager)... there are many examples. Piriform/Avast made a mistake, I don't know if a big mistake, because there wasn't a damage report of what the virus did, or maybe there couldn't be, according to Avast. I'm not trying to defend them, but I read so many comments (in a couple of MT threads and even on other websites) saying "I'm not using CCleaner anymore" or things like that, which other companies/software didn't get. 13 years of CCleaner and this is the first mistake (or at least a big one) that I can remember.
 

Yoda

Level 3
Verified

Slyguy

Level 40
Do like me, use the portable version; it is always behind in terms of build version, so less subject to tampering.
Delayed update cycles, almost always a good idea! In the enterprise world, we always withhold updates, sometimes for days, sometimes weeks and other times months. It has universally paid off for us in terms of things not breaking or avoiding bad versions. For Windows, we hold them for 7 days, then push them via our management software. For firmware, we've been known to wait 6 months until version stabilization and testing have been achieved.

I think it is prudent to use portable and delay updating as you note.
 

Yoda

Level 3
Verified
FYI:
Avira real-time protection already detects 5.33.6162 (and only this version) as malware and blocks it.
(Portable version too.)

(Attached screenshot: Avira+CCleaner.jpg)
 

Slyguy

Level 40
In related news, my APT appliance flagged another 'popular' product. It also failed sandbox evaluation as part of that APT appliance evaluation.

I'm not disclosing what product it was to avoid litigation. But I found similar things happening with CCleaner starting in May, and I have the emails between me and CCleaner employees about the issue to prove it. Which of course they said was nothing more than a false positive, apparently not understanding how APT detection works and that it had never been flagged before.

Whatever... I'm sure we will see more update/development channels compromised with more products going forward.
 

tim one

Level 21
Trusted
Malware Hunter
Verified
In related news, my APT appliance flagged another 'popular' product. It also failed sandbox evaluation as part of that APT appliance evaluation.

I'm not disclosing what product it was to avoid litigation. But I found similar things happening with CCleaner starting in May, and I have the emails between me and CCleaner employees about the issue to prove it. Which of course they said was nothing more than a false positive, apparently not understanding how APT detection works and that it had never been flagged before.

Whatever... I'm sure we will see more update/development channels compromised with more products going forward.
In the case of CCleaner, and as far as I know, the dynamics of the attack have not yet been fully made known. Clearly the fact that the update distribution system could have been compromised in this way reveals chilling security gaps.

This is the perfect case of a "watering hole attack": you aim not at your final target, but at one of its suppliers.