This week we learned that the popular maintenance application for Windows and Android, CCleaner, had been compromised and for a month had been infected with malware without anyone noticing.
Piriform gave assurances that the compromised versions, CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191, had already been updated and that updating immediately was enough for users to be free of danger. However, a new report suggests that the hack was more sophisticated than previously thought and that just updating the version of CCleaner is not enough to disinfect a system.
The Talos group, the Cisco security experts, is conducting a technical analysis of the backdoor that version 5.33 of CCleaner included. During the investigation, they found a second payload aimed at very specific domains targeted by this malware, including Cisco itself.
The analysis suggests that the attackers were not working at random, but were after the intellectual property of high-profile technology companies.
Experts have also emphasized that these new findings reinforce their belief that everyone affected by this attack should not simply remove the infected version of CCleaner from their computers and update to the newer one, but should restore the system completely from a backup made before the infection to get rid of all traces of the malware in the Windows registry, or perform a new installation.
From the beginning it was feared that Piriform had been downplaying the event and that it had not been as harmless as they imply, especially considering that the malware spent a full month loose inside CCleaner.
A representative of Avast, the company that recently bought Piriform, said they estimated that up to 2.27 million users had the infected version of CCleaner on their machines.