CCleaner Was Distributing Malware for a Month

MakeUseOf

By Dave Parrack

Published Sep 18, 2017

CCleaner, a popular piece of security software with a squeaky clean reputation, was distributing malware for the best part of a month. Which means you need to update ASAP.

CCleaner, a popular piece of security software with a squeaky clean reputation, was distributing malware for the best part of a month. Although Piriform has disarmed the threat, anyone using the affected version of CCleaner is being urged to update the software at their earliest convenience.

Over time, computers get clogged up with lots of unnecessary crap. Cookies, temporary internet files, and outdated Windows Registry entries, to name just three. CCleaner exists to clean this crap away, with the C in the name standing for "Crap". Unfortunately, CCleaner has been delivering its own form of crap of late.

Hackers Hack CCleaner

Hackers successfully managed to modify recent versions of CCleaner and CCleaner Cloud for 32-bit Windows systems. According to Piriform, the developer of CCleaner, this meant that CCleaner v5.33 and CCleaner Cloud v1.07 contained "a two-stage backdoor capable of running code received from a remote IP address on affected systems".

Once delivered to users, the payload collected information about the system on which it was present. This includes the name of the computer, a list of installed software, a list of running processes, and the MAC addresses of network adapters. This information was encoded and delivered to an external IP address.

Piriform noticed suspicious activity on September 12, and immediately launched an investigation. The rogue server is now down, and other potential servers are "out of the control of the attacker". Piriform is also endeavoring to move everyone using CCleaner v5.33 to the latest malware-free version.

What isn't yet clear is how this rogue code made its way into the official version of CCleaner in the first place. The investigation is ongoing, and Avast, which acquired Piriform in July 2017, is promising to move the entire product build environment to "a more robust, secure infrastructure" in the future.

Update CCleaner ASAP

In case it isn't obvious, you should update CCleaner right now to ensure you're not running the compromised version. But beyond that there's very little us mere mortals can do to safeguard against this kind of sophisticated attack. It's really up to the developers to ensure their own products aren't being modified.

Did you have the affected versions of CCleaner or CCleaner Cloud installed on your computer? Have you now updated to the latest version? Are you shocked at the ease with which hackers pulled this off? Does it change your opinion of CCleaner, Piriform, or Avast? The comments are open below...

Image Credit: Exile on Ontario Street via Flickr