CCleaner Command and Control Causes Concern
Source: Edmund Brumaghin, Earl Carter, Warren Mercer, Matthew Molyett, Matthew Olney, Paul Rascagneres and Craig Williams.
Note: This blog post discusses active research by Talos into a new threat. This information should be considered preliminary and will be updated as research continues.

Talos recently published a technical analysis of a backdoor that was included with version 5.33 of the CCleaner application. During our investigation, we were provided an archive containing files that were stored on the C2 server. Initially, we had concerns about the legitimacy of the files. However, we were able to quickly verify that the files were very likely genuine based upon the web server configuration file