“ShadowPad is an example of how dangerous and wide-scale a successful supply-chain attack can be," Kaspersky analyst Igor Soumenkov wrote at the time. One month later, researchers at Russian security firm Kaspersky discovered another supply chain attack they called "Shadowpad": Hackers had smuggled a backdoor capable of downloading malware into hundreds of banks, energy, and drug companies via corrupted software distributed by the South Korea-based firm Netsarang, which sells enterprise and network management tools. Three times in the last three months, hackers have exploited the digital supply chain to plant tainted code that hides in software companies' own systems of installation and updates, hijacking those trusted channels to stealthily spread their malicious code. It's also an increasingly common incident.
That attack betrayed basic consumer trust in CCleaner-developer Avast, and software firms more broadly, by lacing a legitimate program with malware-one distributed by a security company, no less. On Monday, Cisco's Talos security research division revealed that hackers sabotaged the ultra-popular, free computer-cleanup tool CCleaner for at least the last month, inserting a backdoor into updates to the application that landed in millions of personal computers. But lately, devious hackers have been targeting their attacks further up the software supply chain, sneaking malware into downloads from even trusted vendors, long before you ever click to install.
#Ccleaner malware download install
Only install applications from a trusted source or from a trusted app store.
The warnings consumers hear from information security pros tend to focus on trust: Don't click web links or attachments from an untrusted sender.
0 kommentar(er)
