Tuesday 19 September 2017

CCleaner hack affects 2.27 million computers

A popular PC cleaning tool used by over 130 million people put its users at risk after attackers managed to insert malware into legitimate downloads. If you downloaded or updated the CCleaner application on your computer between August 15 and September 15, 2017 from its official website, pay attention: there is a high chance that your system is at risk.
Trustworthiness is everything when it comes to antivirus and system-maintenance software. Malware developers change their attacks all the time, so you have to hope that the tools you use to fight them are keeping up. Millions of users trust the free CCleaner by Avast/Piriform, a big name in the space, to be that tool. It was found to be hosting a "multi-stage malware payload" that could install ransomware or keyloggers that steal data from infected computers and send it to the attackers' remote command-and-control servers.

In the past, attackers would create fake alternatives of popular applications and trick people into downloading them. The trend now, however, is to attack the download source directly and gain access to legitimate servers. Once they are in, it's a case of loading the trusted software with a nefarious payload, with the end-user being none the wiser. Attackers have shown that they are willing to leverage this trust to distribute malware while remaining undetected.

What does the malware do?

It gathers information such as your IP address, computer name, a list of installed software, a list of running software and a list of network adapters, and sends it to a third-party server.


Who was infected?

According to Piriform, around 3 percent - roughly 2.27 million computers - used the infected software. Specifically, computers running 32-bit Windows 10.


How do I know if I have the corrupted version?


The affected versions are CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 for 32-bit Windows PCs. The Android version for phones does not appear to be affected. If you have updated your software since September 12, you should be OK; this is when the new, clean version was released. If you have the Cloud version, it should have automatically updated itself to the clean version by now.


How to Remove Malware From Your PC?

The impact of this attack could be severe given the extremely high number of systems possibly affected. Affected users are strongly recommended to update their CCleaner software to version 5.34 or higher in order to protect their computers from being compromised. The latest version is available for download from Piriform's official website.
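A small triage script, added here as an example and not part of the original post, that applies the version checks above to a constructed software-inventory export: it flags the exact trojanized 32-bit builds named in the post as compromised and anything below the clean 5.34 release as needing an update. Host names, the CSV layout and the 5.34.1 / 5.32.0 build numbers are constructed placeholders.

```python
import csv
import io
from typing import Dict, List, Tuple

Version = Tuple[int, ...]

# Builds the post names as trojanized: CCleaner 5.33.6162 (32-bit) and
# CCleaner Cloud 1.07.3191. The clean CCleaner release line starts at 5.34.
TROJANIZED = {("CCleaner", (5, 33, 6162)), ("CCleaner Cloud", (1, 7, 3191))}
FIXED_CCLEANER = (5, 34)

# Constructed sample inventory (host,product,version,arch); the 5.34.1 and
# 5.32.0 builds are placeholder values, not real release numbers.
INVENTORY = """host,product,version,arch
ws-101,CCleaner,5.33.6162,x86
ws-102,CCleaner,5.33.6162,x64
ws-103,CCleaner Cloud,1.07.3191,x86
ws-104,CCleaner,5.34.1,x86
ws-105,CCleaner,5.32.0,x86
ws-106,Notepad++,7.5.1,x64
"""


def parse_version(text: str) -> Version:
    """'5.33.6162' -> (5, 33, 6162); tuples compare lexicographically."""
    return tuple(int(part) for part in text.strip().split("."))


def classify(product: str, version: str, arch: str) -> str:
    """Return compromised-build / update-required / ok / not-applicable."""
    ver = parse_version(version)
    if (product, ver) in TROJANIZED and arch == "x86":
        return "compromised-build"   # the exact backdoored 32-bit build
    if product == "CCleaner" and ver[:2] < FIXED_CCLEANER:
        return "update-required"     # older than the clean 5.34 release
    if product in ("CCleaner", "CCleaner Cloud"):
        return "ok"
    return "not-applicable"


def scan_inventory(text: str) -> Dict[str, str]:
    """Map each host in a CSV inventory export to its classification."""
    rows = csv.DictReader(io.StringIO(text))
    return {r["host"]: classify(r["product"], r["version"], r["arch"]) for r in rows}


def affected_hosts(text: str) -> List[str]:
    """Hosts that ran a trojanized build and need incident-response follow-up."""
    return [h for h, s in scan_inventory(text).items() if s == "compromised-build"]


if __name__ == "__main__":
    for host, status in scan_inventory(INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts flagged as compromised-build should be treated as potentially beaconing to the attackers' servers, not merely updated.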

This is also just a great reminder to practice safe computer security habits in general. Also be sure to regularly scan and back up your computer to prepare for the worst. In a cyber-security world where even your official antivirus can give you a virus, you can never be too safe.

Monday 18 September 2017

OurMine Hacks Vevo After Employee Was Disrespectful to Hackers on LinkedIn

Hacking group OurMine has breached Vevo, a video hosting service, and has leaked files from the company's internal network. The hacker group, who has a reputation for defacing websites and social media accounts, said it leaked data from Vevo after one of its employees was disrespectful to an OurMine member on LinkedIn.

The leaked data was published on the hacker group's website late last night. It included links to six data troves, offering 3.12TB of data for download. Browsable from OurMine’s site, the data included Vevo’s private dossiers on 90 different artists, including Taylor Swift, Ariana Grande, One Direction and U2. Other documents included social-media strategy memos and instructions for disabling the office’s alarm system.
"We don't know how long they [the hackers] have been accessing the Vevo system or what additional data – financial, email, employee info – the attackers may have..." cautioned Terry Ray, CTO of data and application security company Imperva, in emailed comments. Attackers maximize opportunities for engagement by impersonating legitimate users or by fine-tuning profile fields and interactions to lure targets. Once socially engineered, a target's trust can be leveraged to extract personal information or deliver malicious payloads.

New York-based Vevo, which is jointly owned by Universal Music Group, Sony Music Entertainment, Warner Music Group, Abu Dhabi Media, and Google parent company Alphabet Inc., acknowledged the breach in an official statement, which revealed that OurMine's initial method of attack was a social engineering scheme perpetrated via social media.

A Vevo spokesperson acknowledged the incident. "We can confirm that Vevo experienced a data breach as a result of a phishing scam via LinkedIn. We have addressed the issue and are investigating the extent of exposure," the company said. Vevo did not comment on whether the hacker group made any ransom demands. The mysterious disappearance of most of the leaked files might lead some to believe Vevo caved in and paid, which would explain why most of the files are gone.

Vevo joins a long string of companies compromised by OurMine, which typically uses high-profile targets to drum up interest in legitimate security products. OurMine has built quite the reputation in the past years by hacking social media accounts belonging to companies, celebrities, and CEOs. Last month, the group compromised both the WikiLeaks website and various HBO-linked social media accounts. Previous targets include Mark Zuckerberg, Sundar Pichai and Jack Dorsey.

Beware: Compromised LinkedIn accounts used to send phishing links

Phishing continues to be criminals' favourite method for harvesting user credentials, using more or less sophisticated social engineering tricks.
 
LinkedIn has been in the news for all the wrong reasons. Previously, it was the data of 117 million of its users, stolen back in 2012, leaked in 2016 and sold on the darknet afterwards. Now cyber criminals are targeting LinkedIn users with a sophisticated phishing scam in which the idea is to trick the user into believing that their LinkedIn account has a security issue that can be solved only by providing their personal details. This widely spreading phishing campaign mimics the legitimate login pages of Gmail and other email providers.
The campaign was identified by researchers at Heimdal Security, who pointed out that the people behind this scam are after users' financial details and a copy of their driving licence and/or passport. The purpose of collecting this information is not only to hijack their accounts but also to conduct further scams by stealing their identity.

Most appear as if the LinkedIn user is sharing a Google Drive file with the victim and contain a malicious link, obscured by a URL shortener to hide its true destination. The link then redirects to a phishing site for Gmail and other email providers which require potential victims to log in. Those who proceed will have their username, password, and phone number stolen but won’t realize they were duped right away. Indeed, this phishing scam ends on a tricky note with a decoy document on wealth management from Wells Fargo. URL shorteners are a well-known vehicle for spreading malware and phishing scams but they are also used for legitimate purposes, especially on social media where long URLs tend to be too cumbersome.

Furthermore, the email content also contains two links. One is a Dropbox link and the other is what researchers have identified as a password reset link, which leads users to the genuine LinkedIn password reset page. Apparently, the reason for this is to trick users into believing that the email is legitimate and that their account really is in danger.

This is not the first time LinkedIn users have been targeted with such a scam. In the past, users have been targeted by the Blackhole exploit kit, by trojans developed to steal the login credentials of job seekers, and by fake profiles posing as job recruiters.

Beware of malicious phishing links and never enter your credentials on an untrusted website!