Popular PC-cleaning software, CCleaner which is used by more than 130 million people put users at risk after hackers were able to slip in malware into legitimate downloads. Software was infected with malicious payload that made it possible to download and execute other suspicious software, including ransomware and keyloggers.
According to Avast, around 2.27 million people were affected by the hack. But things could’ve been worse considering that the application has above 2 billion downloads and adds around 5 million new users each month.
Avast chief technical officer Ondrej Vlcek, while speaking to Forbes said that, “2.27 million is certainly a large number, so we’re not downplaying in any way. It’s a serious incident. But based on all the knowledge, we don’t think there’s any reason for users to panic.
“To the best of our knowledge, the second-stage payload never activated… It was prep for something bigger, but it was stopped before the attacker got the chance.”
The malware was programmed to collect the following:
• Name of the computer
• List of installed software, including Windows updates
• List of running processes
• MAC addresses of first three network adapters
• Additional information whether the process is running with administrator privileges, whether it is a 64-bit system, etc.
But the Avast states that the all stolen data was encrypted and unlikely to be accessed. The company further said it has already forced updates and in its own words was “able to disarm the threat before it was able to do any harm.”
Even though the company says it has taken necessary steps to stop the hack, everyone who installed the app in the period from August 15 until now should update to the newest version and run an anti-malware scan.
Featured Image: The Next Web