Second Stage of CCleaner Malware Delivered to Major Tech Companies

After assuring users that the CCleaner malware has been warded off successfully, researchers have now uncovered a second-stage payload that they still do not understand.

The second wave of the CCleaner malware has struck, this time stealthily targeting 20 PCs belonging to carefully selected international technology companies. The targeted companies include Google, Microsoft, Cisco, Intel, Samsung, Sony, HTC, Linksys, D-Link, Akamai and VMware. While investigating the initial attack, researchers discovered a predefined list on the hackers' Command and Control (C2) servers that pointed to a second attack, designed to find, target and deliver a second payload to computers inside the networks of major technology firms.

The hackers, who have not yet been identified, initially hijacked CCleaner's download servers and replaced the genuine version of the popular anti-malware software with a malicious copy. On the hackers' C2 server, researchers found a list of approximately 700,000 machines that downloaded the first-stage payload of the malicious version and are hence thought to be infected. However, what makes the outbreak appear much worse than originally thought is the discovery of a list of 20 PCs belonging to the top technology companies. Researchers now believe that a second, mysterious payload has been directed to this smaller list.
