Earlier this month, researchers found CCleaner and CCleaner Cloud were being illegally altered before they were released to the public. The download for CCleaner v5.33 was accompanied by a multi-stage malware payload, signed using a valid digital signature issued to Piriform. |
During the analysis of the hackers' command-and-control (C2) server to which the malicious CCleaner versions connected, security researchers from Cisco's Talos Group found evidence of a second payload (GeeSetup_x86.dll, a lightweight backdoor module) that was delivered to a specific list of computers based on local domain names. The target companies included: Google, Microsoft, Cisco, Intel, Samsung, Sony, HTC, Linksys, D-Link, Akamai, VMware |