Avast fends off hacker who breached its internal network in copycat CCleaner attack


In August 2017, millions of users of the popular clean-up tool CCleaner were automatically updated with a version of the software which had been tampered with by hackers to contain a malicious backdoor.


Now Czech anti-virus firm Avast, which distributes CCleaner, has revealed that hackers appear to have tried the same type of supply chain attack again.


In a blog post published on its website, Avast describes how it discovered on September 23rd that a hacker had gained access to its internal network after compromising a worker’s VPN credentials, and had managed to escalate their privileges to obtain admin rights for the domain.


After a deeper analysis, Avast determined that the hacker had been attempting to gain access to its network since at least May 14th 2019.


In response, Avast says that it stopped issuing updates for CCleaner and began to check past releases to see if they had been tampered with. Fortunately, there was no evidence that any of the updates to CCleaner had been maliciously altered.


Keeping an admirably cool head, Avast decided it wanted to observe and track what the hacker was up to, and deliberately left open the compromised VPN profile until it was ready to take remediation actions.


Avast digitally re-signed a clean update to CCleaner and pushed it out to users on October 15th. Furthermore, the earlier digital certificate was revoked in case it had fallen into the wrong hands.


“Having taken all these precautions, we are confident to say that our CCleaner users are protected and ..
