oregontaya.blogg.se

Ccleaner malware build











The code in question is a unique implementation of base64 only previously seen in APT17 and not in any public repository, which makes a strong case about attribution to the same threat actor.


With our technology, we can compare code to a huge database of malicious and trusted software - that’s how we can prove that this code has never been seen before in any other software.

A deeper analysis leads us to the functions shown below.

The photo below is the result of uploading the CCBkdr module to Intezer Analyze™, where the results show there is an overlap in code. Using Intezer Analyze™, we were able to verify the shared code between the backdoor implanted in CCleaner and earlier APT17 samples.

The malware injected into #CCleaner has shared code with several tools used by one of the APT groups from the #Axiom APT 'umbrella'.

The official statement from Avast can be found here.

The Big Connection:

Costin Raiu, director of Global Research and Analysis Team at Kaspersky Lab, was the first to find a code connection between APT17 and the backdoor in the infected CCleaner:

Through somewhere that had access to the source code of CCleaner, the main executable in v had been modified to include a backdoor.

A backdoor, inserted into legitimate code by a third party with malicious intent, leads to millions of people being hacked and their information stolen.

Avast’s CCleaner software had a backdoor encoded into it by someone who had access to the supply chain.

You may have the most up to date cyber security software, but when the software you are trusting to keep you protected gets infected there is a problem.

Recently, there have been a few attacks with a supply chain infection, such as Shadowpad being implanted in many of Netsarang’s products, affecting millions of people.
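The code comparison described above can be sketched as follows. This is an added example, not Intezer's implementation and not code from the original article: it discards every code fragment that also appears in trusted software, then measures how much of what remains is shared with known malware families. The 8-byte raw-byte window, the byte strings and the family names are constructed assumptions.

```python
import hashlib

WINDOW = 8  # assumed fragment size; this sketch uses raw bytes, not disassembly


def fragments(code, window=WINDOW):
    """Hash every overlapping window of bytes in a code blob."""
    return {hashlib.sha256(code[i:i + window]).hexdigest()
            for i in range(len(code) - window + 1)}


def corpus_fragments(blobs):
    """Union of the fragments of every blob in a corpus (empty corpus -> empty set)."""
    return set().union(*(fragments(b) for b in blobs))


def attribute(sample, trusted, families):
    """Return (distinctive fragments, {family: share of distinctive fragments shared}).

    Fragments also present in trusted software carry no attribution weight
    (compiler runtime, common libraries), so they are removed first.
    """
    distinctive = fragments(sample) - corpus_fragments(trusted)
    scores = {}
    for name, blobs in families.items():
        shared = distinctive & corpus_fragments(blobs)
        scores[name] = len(shared) / len(distinctive) if distinctive else 0.0
    return distinctive, scores


# Constructed stand-ins for code regions (labels, not real machine code).
RUNTIME = b"RUNTIME-STARTUP-CODE-LINKED-INTO-MANY-PROGRAMS|"
ENCODER = b"ENCODER-ROUTINE-WITH-UNUSUAL-ALPHABET-HANDLING|"

TRUSTED = [RUNTIME + b"benign-utility-main-loop"]
FAMILIES = {
    "family_x": [b"older-tool-loader|" + ENCODER + RUNTIME],  # reuses the encoder
    "family_y": [RUNTIME + b"unrelated-implant-logic"],       # shares only the runtime
}
SAMPLE = RUNTIME + ENCODER + b"backdoor-body-under-analysis"

if __name__ == "__main__":
    _, scores = attribute(SAMPLE, TRUSTED, FAMILIES)
    for family, score in sorted(scores.items()):
        print(f"{family}: {score:.0%} of distinctive fragments shared")
```

The runtime region appears in both families, but because it also appears in trusted software it contributes nothing; only the encoder routine links the sample to `family_x`.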











