The recent CCleaner malware outbreak is much worse than it initially appeared, according to newly unearthed evidence.
That evidence shows that the CCleaner malware infected at least 20 computers from a carefully selected list of high-profile technology companies with a mysterious payload.
Previously, researchers found no evidence that any of the computers infected by the booby-trapped version of the widely used CCleaner utility had received a second-stage payload the backdoor was capable of delivering.
The new evidence—culled from data left on a command-and-control server during the last four days attackers operated it—shows otherwise. Of 700,000 infected PCs, 20 of them, belonging to highly targeted companies, received the second stage, according to an analysis published Wednesday by Cisco Systems’ Talos Group.
Because the CCleaner backdoor was active for 31 days, the total number of infected computers is “likely at least in the order of hundreds,” researchers from Avast, the antivirus company that acquired CCleaner in July, said in their own analysis published Thursday.
Read 8 remaining paragraphs