Researchers discovered that the malware was specifically trying to gain access to internal networks in at least 20 tech companies, including Google, Samsung, Microsoft, Sony, HTC, Linksys, D-Link, and Cisco itself.
Researchers at Cisco and Avast discovered that the malware was specifically going after a list of internal domains at the time its "command-and-control" server was seized.
Avast wrote, “At the time the server was taken down, the attack was targeting select large technology and telecommunication companies in Japan, Taiwan, UK, Germany and the US. Given that CCleaner is a consumer-oriented product, this was a typical watering hole attack where the vast majority of users were uninteresting for the attacker, but select ones were.”
Cisco reported that the hackers succeeded in installing the malware on more than 700,000 machines, and that more than 20 machines received the second-stage payload.
From September 12 to September 16, the highly advanced second stage was reserved for computers inside 20 companies or Web properties, including Cisco, Microsoft, Gmail, VMware, Akamai, Sony, and Samsung.
While Avast is advising individual users to upgrade to its latest version and to use an anti-virus product, Cisco recommends restoring PCs from a backup made before CCleaner was installed.