The popular PC cleanup tool, CCleaner has been hijacked by hackers in the latest widespread malware attack. The hack, identified by security researchers at Cisco Talos, found that anyone who downloaded or updated the CCleaner app between mid-August to mid-September also potentially downloaded malware without realising.
The malware, known as Floxif, leverages admin rights to allow hackers access the user's computer, and other connected systems, to steal personal data or credentials. Antivirus firm, Avast, which owns CCleaner is now investigating the incident.
The CCleaner hack is another reminder of how vulnerable organisations are to the software supply chain and users accidentally introducing malicious software. In this case, the hacked applications code was even signed indicating widespread issues with security at CCleaner.
Time after time we’re seeing instances of cyber crime where admin rights play a critical role in breaches and compromise. In the case of the Floxif malware, it relies on the user having admin rights and will stop running if the user has a standard account. It is critical that organisations regain control of their applications through application allow listing, and limit the ability to inflict damage by removing admin rights.
It’s now fundamental that organisations address these critical gaps in their security and ensure that allow listing and a least privilege model is rolled out.
For more information about privilege management and application allow listing click here.
James Maude is the Lead Cyber Security Researcher at BeyondTrust’s Manchester, U.K., office. James has broad experience in security research, conducting in-depth analysis of malware and cyber threats to identify attack vectors and trends in the evolving security landscape. His background in forensic computing and active involvement in the security research community makes him an expert voice on cybersecurity. He regularly presents at international events and hosts webinars to discuss threats and defense strategies.