How CCleaner Got Hacked...

509322

Thread author
Remember the great CCleaner hub-bub ?

Anyone remember the pages on top of pages of ridiculous nonsense posted about it across the forums ?

Only recently have pertinent details been released - many months later.

In a word... TeamViewer.

SC Media

by Bradley Barth, Senior Reporter

April 24, 2018 CCleaner attackers gained access to app developer's network via TeamViewer

* * * * *

It just proves that initial reactions to the latest reports of this or that hack, exploit, malware or whatever the IT Security News is milking for every last click-bait are blown way, way out of proportion. People's reactions are irrational and the nonsense spouted flows like a wide and mighty river.
 

TairikuOkami

Level 37
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,610
You do not need the TeamViewer service running at all and you should not have the TeamViewer process set to run at startup, just start it when you need it.
Besides, TeamViewer has introduced new features, since people were actively hacked through it, like you need to authorize new devices via email.

the attackers used a VBScript (Microsoft Visual Basic Scripting Edition) file
What a shocker, WSH used to spread malware. :emoji_expressionless:
 

upnorth

Super Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,458
Here's the original Avast source because the one supplied in the scmagazine article doesn't work.

Recent findings from CCleaner APT investigation reveal that attackers entered the Piriform network via TeamViewer | Avast
To initiate the CCleaner attack, the threat actors first accessed Piriform’s network on March 11, 2017, four months before Avast acquired the company, using TeamViewer on a developer workstation to infiltrate. They successfully gained access with a single sign-in, which means they knew the login credentials. While we don’t know how the attackers got their hands on the credentials, we can only speculate that the threat actors used credentials the Piriform workstation user utilized for another service, which may have been leaked, to access the TeamViewer account.

It actually makes sense that TeamViewer was used as an attack vector considering its issues.

New TeamViewer Hack
 

tonibalas

Level 40
Verified
Honorary Member
Top Poster
Well-known
Sep 26, 2014
2,973
You do not need the TeamViewer service running at all and you should not have the TeamViewer process set to run at startup, just start it when you need it.
That's my 1st rule when I install software.
If I don't use the software every day after installation, I am going to services and I set it to manual start.
There is no reason for me to see its service running at every system startup when I am not gonna use it.
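
The startup advice in the posts above, as an added example that is not part of any forum post: a PowerShell script that reports TeamViewer services and logon autostart entries and, with the script's own `-Fix` switch, sets the service to manual start and removes the autostart entries. It assumes the service name starts with `TeamViewer` and that autostart entries live in the standard Run registry keys.

```powershell
# Added example: audit (and optionally change) TeamViewer autostart on Windows.
# Assumption: the service name starts with "TeamViewer".
# -Fix is this script's own switch; run it from an elevated prompt.
param([switch]$Fix)

$services = Get-CimInstance Win32_Service -Filter "Name LIKE 'TeamViewer%'"
if (-not $services) { Write-Output 'No TeamViewer service found.' }

foreach ($svc in $services) {
    Write-Output "Service: $($svc.Name)  StartMode=$($svc.StartMode)  State=$($svc.State)"
    if ($Fix -and $svc.StartMode -eq 'Auto') {
        # Manual start: the service only runs when it is started on demand.
        Set-Service -Name $svc.Name -StartupType Manual
        Stop-Service -Name $svc.Name -Force
    }
}

# Run keys that launch a process at logon (machine-wide, 32-bit view, per-user).
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        # Skip the PSPath/PSParentPath metadata PowerShell adds to the result.
        if ($p.Name -like 'PS*' -or $p.Value -isnot [string]) { continue }
        if ($p.Value -match 'TeamViewer') {
            Write-Output "Autostart entry: $key -> $($p.Name) = $($p.Value)"
            if ($Fix) { Remove-ItemProperty -Path $key -Name $p.Name }
        }
    }
}
```

Without `-Fix` the script only reports what it finds.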
 

Lightning_Brian

Level 15
Verified
Top Poster
Content Creator
Sep 1, 2017
743
That's my 1st rule when I install software.
If I don't use the software every day after installation, I am going to services and I set it to manual start.
There is no reason for me to see its service running at every system startup when I am not gonna use it.

@tonibalas and @TairikuOkami That is what I do too. However, I don't use TeamViewer very much any more. Plus, I'd rather not keep it on my computer. TightVNC is a nice little program if anyone wants to use it. It does have to be local or through the use of a VPN to act like a local computer.

~Brian
 

JoseyWales

Level 1
Verified
Jul 23, 2018
33
Remember the great CCleaner hub-bub ?

Anyone remember the pages on top of pages of ridiculous nonsense posted about it across the forums ?

Only recently have pertinent details been released - many months later.

In a word... TeamViewer.

SC Media

by Bradley Barth, Senior Reporter

April 24, 2018 CCleaner attackers gained access to app developer's network via TeamViewer

CCleaner attackers gained access to app developer's network via TeamViewer

* * * * *

It just proves that initial reactions to the latest reports of this or that hack, exploit, malware or whatever the IT Security News is milking for every last click-bait are blown way, way out of proportion. People's reactions are irrational and the nonsense spouted flows like a wide and mighty river.
Sounds precisely like WH trolling that has swept the country!
 
