CCleaner
Attacking the Weakest Link in the Supply Chain
What Just Happened?! Millions invested in the latest security technologies? Check. Your team trained on information security best practices? Check. Passed a third-party review of your security architecture? Check. So, how the hell were hundreds of your servers’ hard drives just destroyed by malware…
Disassembler and Runtime Analysis
This post was authored by Paul Rascagneres. Introduction: In the CCleaner 64-bit stage 2 previously described in our blog, we explained that the attacker modified a legitimate executable that is part of “Symantec Endpoint”. This file is named EFACli64.dll. The modification is performed in the runtime…
CCleaner Command and Control Causes Concern
This post was authored by Edmund Brumaghin, Earl Carter, Warren Mercer, Matthew Molyett, Matthew Olney, Paul Rascagneres and Craig Williams. Note: This blog post discusses active research by Talos into a new threat. This information should be considered preliminary and will be updated as research c…