CCleaner 5.33 hacked to deliver malware

CCleaner 5.33 users take note:


Cisco Talos Intelligence labs has recently became aware of a supply chain attack against CCleaner v 5.33.  Talos recently observed that the legitimate download servers used by CCleaner were leveraged to deliver malware to unsuspecting victims.  For an unknown period of time, the legitimate, signed version of CCleaner v5.33, being distributed by Avast, also included a multi-stage malware payload that rode on top of the installation of CCleaner.  Given the potential for damage that could be caused by a network of infected computers even a tiny fraction of the size of CCleaner’s installed user base, Talos decided to move quickly.  On September 13, 2017 Cisco Talos immediately notified Avast of their findings so they could initiate appropriate response measures.

It is believed that attackers gained a foothold inside one or more development or build environments and leveraged that access to insert malware into the CCleaner build that was released between August 15th 2017 to September 12th, 2017.  If you downloaded CCleaner or your system updated to the newest build during this time, it is highly advised that you remove this program from your system and take measures to clean it immediately.

Contact POCC today to ensure your system has not been compromised!

Read the blog post from Cisco Talos to learn more about this discovery:

New Ransomware Malware now out – hidden in infected MS Word files

A new variant on the CryptoLocker malware has been spotted in the wild.  This variant is different in that it’s hidden inside a macro infected Word file.  The bad guys use social engineering twice to trick the user to first open the attachment, and then enable macros which causes:

  • The macros download an executable
  • The executable encrypts files on the machine
  • It then encrypts unmapped network drives
  • Changes all file names and deletes VSS snapshots

This is especially scary as this is the first time we’ve seen such an attack in the wild.  Previous exploits did not embed themselves inside MS Word files and were easier to filter out.  Now, in addition to watching for suspicious .zip, .exe, .js and other such files, users are expected to watch for suspicious Word files as well.

Read more below and find out what you can do to help prevent these attacks.

Malware: now on your TV!

A Reddit user with username being “moeburn” raised the likelihood of new malware flowing for Smart TVs, this week:

My sister got a virus on her TV. A VIRUS ON HER G**D**N TV.

It was an LG Smart TV with a built-in web browser, and she managed to get a DNS Hijacker that would say “Your computer is infected please send us money to fix it” any time she tried to do anything on the TV.

Old Malware learns new tricks

Vonteera is an adware family that has been around for years. They stand out from the rest because of their very intrusive changes to the affected systems, which is why you will see them classified as Trojan by some anti-malware solutions.

Recently, they added a new trick to their arsenal: using system certificates to disable anti-malware and anti-virus software.

Read more here