The backdoor recently planted in CCleaner turns out to have been used to spread malware. The attackers allegedly targeted tech and telecom companies and hoped to get at intellectual property using the malware.
Both Cisco and Avast report this. Recently, CCleaner version 5.33 and version 1.07 of CCleaner Cloud proved to contain a backdoor; version 5.33 of CCleaner was distributed via the official download server of CCleaner developer Piriform. Piriform was taken over by Avast earlier this year. Until now it was assumed that no malware had been spread through this backdoor, but that now appears to have happened after all.
Tech and telecom companies affected
Evidence has been found on a command-and-control server that the attackers did spread malware. Cisco reports that the attackers had targeted major technology and telecom companies, including Singtel, HTC, Samsung, Sony, Gauselmann, VMware, Intel, Microsoft, Cisco, Vodafone, Linksys, Epson, Akamai Technologies and D-Link. Avast confirms this and reports that logs on this server show that the malware was delivered to at least twenty systems at eight different companies. Avast has contacted the affected companies, but does not want to disclose their names. Cisco suspects that the attackers were after intellectual property.
It is striking that CCleaner is aimed at consumers rather than at businesses. Presumably, the attackers were trying to infect systems belonging to employees of major technology and telecom companies, hoping that these employees would connect the infected systems to the corporate network. Cisco advises affected users to restore their system from a backup or to reinstall it completely. This gives users the assurance that they remove not only the backdoor, but also any malware installed on their system via this backdoor.