How The CCleaner Hackers Took Advantage Of Consumer Trust

No matter your personal preference, you probably put your trust in a software program to keep your computer safe. Turns out, it's no longer that simple.

September 21, 2017 by Alex Collins

Who do you trust? Maybe you trust the cybersecurity pros at McAfee. Over 40 million people around the world trust antivirus company Norton. There’s also cloud-based Panda Security and AVG AntiVirus.

No matter your personal preference, the likelihood is, you put your trust in a software program—in most cases, a free one—to keep your computer safe. Why wouldn’t you? After all, it’s common sense.

Turns out, it’s not that simple anymore.

That’s because cyber attacks are getting more sophisticated. Just ask the security researchers at Talos. On Monday, they blew the whistle on the latest massive security breach. The culprit? An antivirus app. That’s right—a virus corrupted an antivirus program.

The app is CCleaner, a free program run by Avast, which bills itself as “one of the largest security companies in the world.” It was sabotaged with malware, unbeknownst to its vendor. Then, over 2 million people downloaded and ran the infected CCleaner app. According to mobile news site BGR, the malware “sent hackers encrypted information including the name of the infected computer, a list of installed software, and running processes.”

The implications of the CCleaner hack are dire. The hack exposes the vulnerability of even the most trusted and vigorous security applications. Our new reality is, hackers are explicitly targeting these companies and programs. Implicit consumer trust is now merely bait; they’re exploiting that relationship for their own malicious gain.

Here’s how Talos’ researchers put it to Forbes: “This is a prime example of the extent that attackers are willing to go through in their attempt to distribute malware to organizations and individuals around the world. By exploiting the trust relationship between software vendors and the users of their software, attackers can benefit from users' inherent trust in the files and web servers used to distribute updates.”

One could hardly design an application more straightforward, harmless, or seemingly legitimate than the CCleaner app, which Avast subsidiary Piriform markets as the “crap cleaner.” It’s a simple and free program to help people. In theory, it cleans up your cache and wipes out the junk slowing down your machine. But here’s the rub: That’s exactly why it was picked for the attack.

Cybercriminals know that, because it’s free, plenty of people are going to download and use CCleaner. They also know that, because it’s offered under a trusted name from a respected company, people won’t think twice.

And they know that this type of program—a routine cleanup, or a software update, or a quick virus scan—gives them unfettered and welcome access to a treasure trove of lucrative data.

Wired identified the core problem: this breach shows the emptiness of what is maybe the most ubiquitous security best practice, “Only install applications from a trusted source or from a trusted app store.”

In the wake of the CCleaner hack, no longer is such advice trustworthy. As Talos’ Craig Williams put it to Wired, “Attackers are realizing that if they find these soft targets, companies without a lot of security practices, they can hijack that customer base and use it as their own malware install base.”

It’s obvious, more than ever, that your online behavior, your preferences, and your routines are under a microscope—and, in some cases, under attack. An innocent upgrade, or a routine install, is now a no-win situation. So how do you avoid losing? Protect yourself. Trust in an expert cyber-security apparatus and a comprehensive, customized intelligence program.