
CCleaner Was Distributing Malware for a Month

Dave Parrack 18-09-2017

CCleaner, a popular piece of security software with a squeaky clean reputation, was distributing malware for the best part of a month. Although Piriform has disarmed the threat, anyone using the affected version of CCleaner is being urged to update the software at their earliest convenience.


Over time, computers get clogged up with lots of unnecessary crap. Cookies, temporary internet files, and outdated Windows Registry entries, to name just three. CCleaner exists to clean this crap away, with the C in the name standing for “Crap”. Unfortunately, CCleaner has been delivering its own form of crap of late.

Hackers Hack CCleaner

Hackers successfully managed to modify recent versions of CCleaner and CCleaner Cloud for 32-bit Windows systems. According to Piriform, the developer of CCleaner, this meant that CCleaner v5.33 and CCleaner Cloud v1.07 contained “a two-stage backdoor capable of running code received from a remote IP address on affected systems”.

Once delivered to users, the payload collected information about the system on which it was present. This includes the name of the computer, a list of installed software, a list of running processes, and the MAC addresses of network adapters. This information was encoded and delivered to an external IP address.

Piriform noticed suspicious activity on September 12, and immediately launched an investigation. The rogue server is now down, and other potential servers are “out of the control of the attacker”. Piriform is also endeavoring to move everyone using CCleaner v5.33 to the latest malware-free version.

What isn’t yet clear is how this rogue code made its way into the official version of CCleaner in the first place. The investigation is ongoing, and Avast, which acquired Piriform in July 2017, is promising to move the entire product build environment to “a more robust, secure infrastructure” in the future.


Update CCleaner ASAP

In case it isn’t obvious, you should update CCleaner right now to ensure you’re not running the compromised version. But beyond that there’s very little us mere mortals can do to safeguard against this kind of sophisticated attack. It’s really up to the developers to ensure their own products aren’t being modified.
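An added example, not from the article or from Piriform: a PowerShell check of whether a given executable matches the affected build the article names (v5.33, 32-bit; pass `-Major 1 -Minor 7` for CCleaner Cloud v1.07). It assumes the file's version resource carries the release number as major.minor; the function names and the placeholder path are hypothetical.

```powershell
# Added example: reads the PE header and version resource of one file.
# Assumption: the release number appears as FileMajorPart.FileMinorPart.

function Get-PEMachine {
    param([Parameter(Mandatory)][string]$Path)
    $fs = [System.IO.File]::OpenRead($Path)
    try {
        $br = New-Object System.IO.BinaryReader($fs)
        # DOS header must start with 'MZ' and be long enough to hold e_lfanew.
        if ($fs.Length -lt 0x40 -or $br.ReadUInt16() -ne 0x5A4D) { return $null }
        $fs.Position = 0x3C                      # e_lfanew: offset of the PE header
        $peOffset = $br.ReadInt32()
        if ($peOffset -lt 0 -or ($peOffset + 6) -gt $fs.Length) { return $null }
        $fs.Position = $peOffset
        if ($br.ReadUInt32() -ne 0x00004550) { return $null }   # 'PE\0\0' signature
        return $br.ReadUInt16()                  # IMAGE_FILE_HEADER.Machine
    }
    finally { $fs.Dispose() }
}

function Test-AffectedCCleaner {
    param(
        [Parameter(Mandatory)][string]$Path,
        [int]$Major = 5,      # affected CCleaner release per the article: 5.33
        [int]$Minor = 33
    )
    $resolved = (Resolve-Path -LiteralPath $Path).Path
    $machine  = Get-PEMachine -Path $resolved
    $info     = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($resolved)

    $is32Bit      = ($machine -eq 0x014C)        # IMAGE_FILE_MACHINE_I386
    $versionMatch = ($info.FileMajorPart -eq $Major -and $info.FileMinorPart -eq $Minor)

    [pscustomobject]@{
        Path        = $resolved
        FileVersion = $info.FileVersion
        Is32Bit     = $is32Bit
        Affected    = ($is32Bit -and $versionMatch)   # only 32-bit builds were modified
    }
}

# Usage (placeholder path, substitute the real install location):
# Test-AffectedCCleaner -Path 'C:\path\to\CCleaner.exe'
```

A result of `Affected = True` means the file matches the version and architecture named in the article and should be replaced with the current release.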

Did you have the affected versions of CCleaner or CCleaner Cloud installed on your computer? Have you now updated to the latest version? Are you shocked at the ease with which hackers pulled this off? Does it change your opinion of CCleaner, Piriform, or Avast? The comments are open below…

Image Credit: Exile on Ontario Street via Flickr


  1. Tim
    January 8, 2019 at 2:40 am

    The day my computer started going bonkers, I deleted that version and went back to a safer version I had from last update before July 2017. Haven't updated since and don't plan on it - the edition I already had works good enough for I refuse to use Avast!

  2. Santi
    January 27, 2018 at 4:12 am

    effin CCleaner update wants to push you Avast, be wary!

  3. Eric
    September 19, 2017 at 2:01 pm

    So I guess it helped me since I haven't updated mine last time. Lol
    I think it was Cisco who first uncovered the issue.

  4. bob8356
    September 19, 2017 at 9:54 am

    This only applies to 32-bit. Most people are on 64-bit and not affected. This important detail is underreported, but crucial. Check the Piriform website (and others) for information.


  5. Karol
    September 18, 2017 at 9:50 pm

    For me it's game over. I've just uninstalled CCleaner and I'm not going to use it again.