The well-known cleaning tool CCleaner had been hacked by hackers in July 2017, when hackers hoped to use the software as a springboard to penetrate the world’s leading companies. Of course, the hacker penetration in the last security incident was relatively successful. The hacker successfully penetrated many target companies but it is still unclear how much data was stolen.
Recently, this cleaning tool was once again targeted by hackers but was discovered in time to re-sign the program to ensure that the company revoked the previous certificate used to sign older CCleaner releases. It did so to prevent attackers from using it to sign fake CCleaner updates, in case the hackers managed to get their hands on the old certificate during the recent intrusion.
The software developer AVAST released the latest security bulletin, saying that hackers have recently tried to steal their internal data through the company’s internal virtual private network. However, the hacker tried to enter the directory and was alerted by the security mechanism and issued a warning. AVAST initially characterized the warning as a false positive and therefore did not specifically deal with it. The company then found that the attacker actually logged in to the company’s internal virtual private network, and the attacker also obtained domain management-level operational privileges by granting rights. Eventually, AVAST confirmed that this was a hacker attack and immediately adjusted the internal network configuration file.
Based on security considerations, all old CCleaner digital certificates are now revoked, ensuring that attackers cannot use them directly in other environments after stealing certificates. AVAST checked all the files and found that the hacker had not tampered with any files, but the company re-verified all the files for security reasons. After the verification, the new digital certificate will be re-applied and CCleaner will be re-signed. The latest signed version has been pushed to users worldwide this week. AVAST said the company is also investigating with Czech law enforcement agencies and other security agencies and is currently confident that all users will not be affected by security.