The recent CCleaner malware outbreak is much worse than it initially appeared, according to newly unearthed evidence. That evidence shows that the CCleaner malware infected at least 20 computers from a carefully selected list of high-profile technology companies with a mysterious payload.
Previously, researchers had found no evidence that any of the computers infected by the booby-trapped version of the widely used CCleaner utility had received the second-stage payload that the backdoor was capable of delivering. The new evidence, culled from data left on a command-and-control server during the last four days the attackers operated it, shows otherwise. Of the 700,000 infected PCs that checked in during that window, 20, belonging to highly targeted companies, received the second stage, according to an analysis published Wednesday by Cisco Systems’ Talos Group.
Because the CCleaner backdoor was active for 31 days, the total number of infected computers is “likely at least in the order of hundreds,”
Users who are unsure whether they were affected, and whether their data may have been sent to the C2 server, can check for the presence of the following values under the registry key:
MUID, TCID and NID
These values are not created by any clean version of CCleaner, only by the infected ones.
Malwarebytes will detect the presence of those values and flag them as Trojan.Floxif.Trace.
The trojan itself reportedly only ran on 32-bit Windows systems, but the values above were created on 64-bit systems as well.
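The check described above, as an added PowerShell example that is not part of this page and not Malwarebytes', Avast's or Talos' own tooling. The page does not state the registry key path; the path used below (SOFTWARE\Piriform\Agomo) is an assumption and is exposed as a parameter so it can be corrected against your own reference. Because the trojanized build was a 32-bit binary, the script deliberately looks in both the native and the Wow6432Node (32-bit) views of HKLM, which is the caveat a practitioner needs on a 64-bit host where a 32-bit process's writes to HKLM\SOFTWARE are redirected.

```powershell
# Added example: look for the MUID / TCID / NID values that the page says only the
# trojanized CCleaner creates. Not code from the page or from any vendor.
# ASSUMPTION: the page omits the key path; 'SOFTWARE\Piriform\Agomo' is assumed here.
param(
    [string]$SubKey = 'SOFTWARE\Piriform\Agomo',
    [string[]]$Indicators = @('MUID', 'TCID', 'NID')
)

function Test-CCleanerBackdoorRegistry {
    param([string]$SubKey, [string[]]$Indicators)

    $hits = @()
    # Check both registry views: a 32-bit process on 64-bit Windows writes HKLM\SOFTWARE
    # into Wow6432Node, which the Registry32 view exposes without hard-coding that path.
    foreach ($view in @([Microsoft.Win32.RegistryView]::Registry64,
                        [Microsoft.Win32.RegistryView]::Registry32)) {
        $base = $null
        try {
            $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
                        [Microsoft.Win32.RegistryHive]::LocalMachine, $view)
            $key = $base.OpenSubKey($SubKey)
            if ($null -eq $key) { continue }   # key absent in this view
            foreach ($name in $Indicators) {
                $value = $key.GetValue($name)
                if ($null -ne $value) {
                    $hits += [pscustomobject]@{
                        View  = $view
                        Path  = "HKLM\$SubKey"
                        Name  = $name
                        Value = $value
                    }
                }
            }
            $key.Close()
        } finally {
            if ($base) { $base.Close() }
        }
    }
    return $hits
}

$found = Test-CCleanerBackdoorRegistry -SubKey $SubKey -Indicators $Indicators

if ($found.Count -gt 0) {
    Write-Warning "Trojanized CCleaner indicators present on ${env:COMPUTERNAME}:"
    $found | Format-Table -AutoSize
    Write-Warning 'Treat this host as having run the backdoored build; preserve the CCleaner binary and its hash before remediating.'
    exit 1
} else {
    Write-Output "No $($Indicators -join '/') values found under HKLM\$SubKey in either registry view."
    exit 0
}
```

Run it elevated so both views of HKLM are readable. A hit means the backdoored build executed and registered itself on the host; an empty result only says these particular values are not present, so it does not by itself clear a machine that ran the trojanized version in the past and has since been cleaned.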
From their blog…
Today, Avast has shared new information which suggests this was a very sophisticated attack which targeted a select number of large technology and telecommunication companies. Avast has been reaching out individually to the companies known to have been impacted to provide them with technical information and assist them. If you are a business known to have been affected, you will have been contacted.
We continue to work with law enforcement who are carrying out a full investigation and will share more information as soon as we can.