Malware discovered in CCleaner put millions of users at risk
- Author: Wendy Palmer, Sep 20, 2017, 0:52
Mr Yung said the company had spotted some "suspicious activity" on 12 September that led it to discover version 5.33 had been "illegally modified" before it had been made available to the public.
When renowned anti-virus developer Avast purchased CCleaner from Piriform in July, it should have had some clue about what it was getting into, or rather, what could get into its new software. According to Avast, which recently acquired maker Piriform, CCleaner boasts over 2 billion downloads worldwide and receives 5 million more each week.
Users who were unlucky enough to download and install version 5.33 of CCleaner have two options: restore the system to a point in time before 15th August, or format and reinstall. The malware potentially allows hackers to gain access to the user's computer, and to other connected systems, to steal personal data or credentials.
The affected software included version 5.33.6162 of CCleaner, and version 1.07.3191 of CCleaner Cloud for 32-bit Windows, which were released on 15 August and 25 August, respectively.
An app used by millions to optimise computer performance has been hit by a malware attack. The payload contained a Domain Generation Algorithm and Command and Control functionality that could be used to send encrypted information about the computer back to a server controlled by the hackers.
We asked Piriform's parent company, Avast, what users should do if they find themselves with an infected version of the popular maintenance app.
The company said because few users automatically downloaded new versions of the software, the impact of the malicious code had been limited.
"At this stage, we don't want to speculate how the unauthorised code appeared in the CCleaner software, where the attack originated from, how long it was being prepared and who stood behind it", said Paul Yung, from Piriform.
This is because the free version does not include automatic updates, meaning a significant number of users may be unaware they are still running a compromised version.
Researchers with Cisco's Talos Intelligence Group found that CCleaner was compromised by what's known as a "supply chain attack".