CCleaner & Malware Supply Chain Attack

As one of the most popular junk removal tools available, CCleaner does not need an introduction. It keeps your PC fast and junk-free with very little effort. CCleaner ships with a very small installer and a very simple installation process.

It gives you a few options for launching the program. On a computer system, CCleaner is used to remove the unwanted files that accumulate over time, such as broken shortcuts and temporary files.

CCleaner not only cleans junk files from your computer but also helps keep your internet privacy protected: your browsing history and private internet files are handled safely. It makes the internet more user-friendly and less exposed to online threats.
CCleaner comes in several editions, both paid and free of charge, such as CCleaner Professional Plus.

Is CCleaner equal to malware?
It was reported in the news that CCleaner was hacked and replaced by malware. If you are currently using CCleaner, check whether you have an affected version, as hundreds of thousands of people have been affected by the supply chain attack.

This situation is probably the best example of why having anti-malware on your system matters. Many people seem to claim the superpower of being able to look at a file and tell whether or not it is malware.

Malware Identification in CCleaner
If you look at the properties of the malicious file, you will find nothing wrong: the size, file description, version number, copyright and so on are all the same. And when you run it on your system, it looks and works just like CCleaner.

So you assume that it is fine and cannot be malware.

Drag and drop your CCleaner installer onto www.virustotal.com. The program itself appears to have no functional problem at all, but after the scan you will see how many engines flag it as a threat. The number of engines detecting it is the evidence that the file has been tampered with.
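The point above, that the visible properties of a tampered file can match the genuine one exactly, is worth seeing in code. The following is an added example, not code from the original article or from CCleaner's vendor: it builds two constructed sample "installers" with an identical properties header and identical size, shows that their visible properties are indistinguishable, and then checks each against a placeholder allowlist that stands in for vendor-published SHA-256 digests. The header layout, the version string and the allowlist are all assumptions made for the example.

```python
import hashlib

HEADER_LEN = 32  # constructed fixed-width "properties" header (assumption for this example)


def build_sample(payload: bytes) -> bytes:
    """Constructed stand-in for an installer: a header carrying the fields a user
    sees in the file's properties (description, version, copyright), then the code."""
    header = b"CCSETUP|v1.00|(c) Vendor".ljust(HEADER_LEN, b"\x00")  # placeholder values
    return header + payload


# Both samples have the same header and the same total length; only the payload differs.
GOOD_INSTALLER = build_sample(b"clean program code....")
TAMPERED_INSTALLER = build_sample(b"clean program code" + b"BD!!")  # constructed backdoor marker


def visible_properties(data: bytes) -> dict:
    """Return the properties a user would compare by eye (size, description, version, copyright)."""
    desc, version, copyright_ = data[:HEADER_LEN].rstrip(b"\x00").split(b"|")
    return {
        "size": len(data),
        "description": desc.decode(),
        "version": version.decode(),
        "copyright": copyright_.decode(),
    }


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str, chunk: int = 1 << 20) -> str:
    """Hash a real file on disk in chunks, so large installers do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


# Placeholder allowlist standing in for digests the vendor publishes for genuine releases.
PUBLISHED_SHA256 = {sha256_hex(GOOD_INSTALLER)}


def verify_installer(data: bytes) -> bool:
    """True only if the file's digest matches a published digest; properties are not consulted."""
    return sha256_hex(data) in PUBLISHED_SHA256


if __name__ == "__main__":
    for name, blob in (("good", GOOD_INSTALLER), ("tampered", TAMPERED_INSTALLER)):
        print(name, visible_properties(blob), sha256_hex(blob)[:16], verify_installer(blob))
```

The properties dictionaries of the two samples are equal, so a person inspecting them learns nothing, while the digests differ and only the genuine sample passes `verify_installer`. The same check applies to a downloaded installer via `sha256_file` against the digest the vendor publishes for that release.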

Who figured out the hack?
Now let us go into the details of the hack and compare it with past hacks to see what happened. Three researchers identified the hack. They found that there is a back door: an entire sequence of functions runs when the infected CCleaner is started on a system.

First, the malware waits for some 600 seconds while CCleaner carries on with its normal operation. After this period, the malware checks whether the user account under which the file is running is an administrator. If it is, the system is profiled and a connection to the command and control (C2) server is established. The data then received from the C2 server is stored in memory.
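The sequence just described (a long delay, an administrator check, then an outbound connection) is something endpoint telemetry can surface. The following is an added detection example, not part of the original article and not a published rule for this incident: it runs over a few constructed log lines and flags a watched process whose first connection to a destination outside a small allowlist comes at least 600 seconds after it started, rating the finding higher when the process runs as an administrator. The log format, the process name, the destination addresses (RFC 5737 documentation ranges) and the allowlisted update host are all assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime

WATCHED_IMAGES = {"ccleaner.exe"}              # processes whose beaconing we want to see
KNOWN_GOOD_DESTS = {"updates.vendor.example"}  # placeholder for the vendor's own hosts
DELAY_THRESHOLD_S = 600                         # the sleep described in the write-up

# Constructed telemetry (not real logs): process starts and outbound connections.
SAMPLE_LOG = """\
2024-01-01T10:00:00 PROC_START pid=4120 image=ccleaner.exe user=alice admin=yes
2024-01-01T10:00:02 NET_CONNECT pid=4120 dst=updates.vendor.example:443
2024-01-01T10:10:05 NET_CONNECT pid=4120 dst=203.0.113.10:443
2024-01-01T10:01:00 PROC_START pid=5001 image=ccleaner.exe user=bob admin=no
2024-01-01T10:11:30 NET_CONNECT pid=5001 dst=203.0.113.10:443
2024-01-01T10:05:00 PROC_START pid=6002 image=notepad.exe user=alice admin=yes
2024-01-01T10:05:01 NET_CONNECT pid=6002 dst=198.51.100.7:80
"""


@dataclass
class ProcStart:
    ts: datetime
    image: str
    user: str
    admin: bool


@dataclass
class Finding:
    pid: int
    image: str
    user: str
    dst: str
    delay_s: int
    severity: str


def parse_line(line: str):
    """'<iso timestamp> <EVENT> k=v k=v ...' -> (timestamp, event kind, field dict)."""
    ts, kind, *kvs = line.split()
    fields = dict(kv.split("=", 1) for kv in kvs)
    return datetime.fromisoformat(ts), kind, fields


def detect(log_text: str) -> list:
    """Flag delayed, non-allowlisted outbound connections from watched processes."""
    starts: dict[int, ProcStart] = {}
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ts, kind, f = parse_line(raw)
        pid = int(f["pid"])
        if kind == "PROC_START":
            starts[pid] = ProcStart(ts, f["image"], f["user"], f["admin"] == "yes")
        elif kind == "NET_CONNECT":
            start = starts.get(pid)
            if start is None or start.image not in WATCHED_IMAGES:
                continue
            host = f["dst"].rsplit(":", 1)[0]
            if host in KNOWN_GOOD_DESTS:
                continue  # talking to the vendor's update host is expected
            delay = int((ts - start.ts).total_seconds())
            if delay < DELAY_THRESHOLD_S:
                continue  # early connections are normal update/telemetry traffic
            # Admin context matches the behaviour described above, so it rates higher.
            severity = "high" if start.admin else "medium"
            findings.append(Finding(pid, start.image, start.user, f["dst"], delay, severity))
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```

On the sample log this reports pid 4120 (admin, 605 s delay, high) and pid 5001 (non-admin, 630 s delay, medium); the early connection to the update host and the unrelated process are ignored. In practice the timestamps would come from process-creation and network events in EDR or Sysmon data, and the allowlist from the vendor's documented update endpoints.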

What is the potential of this hack?
You can think of it as a remote access tool or a backdoor that allows remote code execution, or further malware to be dropped onto your system. It can potentially do all sorts of things. Therefore, you should run a good anti-virus. You have no way of knowing about the attack yourself: you may simply update your CCleaner and receive the hacked version, which establishes the backdoor connection.

How to defend against such hacks?
Well, the C2 server could be blocked by the security program you are using at present. Also, any further malware that lands on your system could be individually blocked, even if the original backdoor is not detected. As a user, you can do nothing to prevent this. This type of supply chain attack is increasing these days, as attackers can replace the original installer with a tampered one.