![]() ![]() The highly obfuscated illegal code created a 16KB DLL that executed in a separate thread and continued to run in the background while the actual program was being run. Of particular importance is the fact that the original binary had a valid digital certificate, which could imply that Piriform's certification process itself was compromised. ![]() ![]() Hackers inserted a two-stage backdoor that could remotely execute code and transmit back user info in an encrypted form. In a technical blog post, Paul Yung, VP, Products from Piriform, detailed about the illegal code modification that affected nearly 2.27 million users of the product. This led to the conclusion that the program's binary was illegally modified to transmit user info to the hacker. On September 12, certain 32-bit versions of CCleaner () and CCleaner Cloud () were found to transmit data to an unknown IP address, prompting Piriform to start an investigation in collaboration with Avast Threat Labs. The malware is a backdoor that disguised itself within the app's runtime and therefore, went largely unnoticed until Piriform noticed something suspicious. CCleaner, the popular PC cleaning app from Piriform (now part of Avast), has been found to be infected with malware that can potentially sniff out user data in the background without the user even knowing it. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |