The CCleaner distribution center was hacked and a malicious version of CCleaner was put in its place. Unfortunately, up to 2 million CCleaner users downloaded a malicious version that contained a RAT, or remote access tool. This could be worse than Equifax. Some would say that is unrealistic, because Equifax affected up to 142 million people. However, the Equifax breach only affected the information curated by Equifax, not the user's entire computer, and some of those computers most likely held the user's SSN along with other very personal information.
What Is CCleaner and How Was I Affected?
CCleaner is used to clean up computers, which naturally would tick off hackers. So, in August 2017, a hacker with malicious intent broke into the CCleaner servers and replaced the legitimate CCleaner with one that had malware in it. Over 2 million people downloaded malware or, to be more precise, a remote access tool that allowed the hacker to gain access to your computer's name, a list of installed software and Windows updates, running processes, and MAC addresses of network adapters, alongside additional information.
While that sounds pointless, it actually isn't. This information is sent back to a hacker who is using a U.S. server. Now the hacker knows the system he has infected and how secure or insecure it is, and he has an easier way of exploiting it without revealing how he first got in. Or he could exploit the system after already being inside of it, but from what we're reading, it appears the remote access tool was doing recon work after infecting you to find another way into your system, so that the malicious version of CCleaner wouldn't be noticed for a while, and they succeeded. CCleaner was hacked with a RAT on August 15th and wasn't detected until September 12th. That's almost a full month the hackers had complete access to two million systems.
To conclude, it appears the hackers used the malicious version of CCleaner to do recon, or, if this were a traditional robbery, to "case the joint." They infected the computers to see how to get further into the system without their initial point of entry, which in this case was the CCleaner hack, being noticed.
Depending on what type of data was exfiltrated, this could be worse than Equifax, because it affected more data. We are looking at the quality of the data stolen, not the quantity of the data stolen. Clearly the quantity of data stolen from Equifax is far higher than from CCleaner, but the CCleaner hack may have yielded higher-quality user data that can be used for ransom, for other malicious purposes, or for resale.
We will continue to update this to keep you informed.