Attackers invade Avast network ‘to put malware in CCleaner’

Unknowns have gained access to the network of security company Avast. Perhaps that was done to put malware in the program, just like one such attack from 2017. That ultimately did not happen.

An attacker managed to access the company’s VPN via stolen credentials, the company writes. It concerned the data of a temporary profile that had not been deleted by mistake and that did not have two-step verification active. It would involve various credentials. Initially, the attacker did not have admin rights on the system, but he managed to get them through a privilege escalation. According to Avast, the malware was designed in such a way that it would not leave any traces. The attackers would also have gone to great lengths to remain undetected in the network.

Avast noticed the attack on September 23. The company worked with Czech intelligence, the police and a forensic team to find more information. According to the company, the attacker had been trying to break into the system since May. Avast then stopped distributing new versions of the program. Analysis of older versions indicated that they were not infected.

Avast suspects that the attackers wanted to infect the CCleaner program with malware. That already happened in 2017. The 32-bit version of the program contained a backdoor for a month. This made remote code execution possible on an infected system. At the time, the attack specifically targeted the systems of about forty companies, such as Intel, Samsung and Sony. However, Avast says it is not certain whether these are the same attackers and what exactly they were trying to do. “With what we know now, we can say that this was a very sophisticated attack,” the company wrote.