Hackers infiltrate free PC cleaning software CCleaner

Alicia Cross
September 19, 2017

A spokeswoman said that 2.27 million users had downloaded the August version of CCleaner while only 5,000 users had installed the compromised version of CCleaner Cloud.

The company's security researchers said they noticed that the malware tried to connect computers to unregistered websites in order to remotely download more harmful programs directly into users' computers.

The malware in question works only on an administrator account, profiling and gathering system information - such as computer name, IP address, list of installed software, list of active software, and list of network adapters - before sending to a US-based C&C server.

The disk cleaning utility CCleaner has been hijacked by cyber attackers that used the popular software as a vehicle for distributing and spreading malware. Hackers infected trusted software and people downloaded it without realizing it contained malware. This is luckily described as "non-sensitive" by Piriform, while there are "no indications that any other data has been sent to the server". They will also need to update to the latest version of CCleaner 5.34.

The affected versions of the software are CCleaner 5.33.6162 and CCleaner Cloud 1.07.3191.

This malware was programmed to collect data from the computer.

The Talos team wrote in an in-depth research analysis: "In reviewing the version history page on the CCleaner download site, it appears that the affected version (5.33) was released on 15 August 2017".

A bit of a warning, if you have download CCleaner recently, their installer was infected with malicious software.

The Talos team believes it may have more to do with an attacker compromising Avast's development and signing process for the CCleaner application and recommended that this certificate be immediately revoked and untrusted going forward.

Hamas Accepts PA Reconciliation Demands to Dissolve Gaza Administration, Hold Elections
For the past several months, Fatah and its chairman Mahmoud Abbas have called on Hamas to make and implement such an announcement. Fatah, meanwhile, said on Sunday that it welcomed the pledge by its rival Hamas to accept key conditions for reconciliation.

BNP wants army for 'proper distribution' of relief in Rohingya refugee camps
He said spread of images of oppressed Rohingya on social media has evoked sympathy and helped IS lure new members. They are homeless and hungry following a long and treacherous journey across the border.

Sindhu thwarts Okuhara to clinch Korean Open Super Series
Both Sindhu and Okuhara displayed their strengths, with Sindhu focusing on her strokeplay and Okuhara on her angles. It was nearly a repeat of the World championship final, though the result reversed, in our favour.

The researchers detected the malware in the app in 13 September while performing beta testing of a new exploit detection technology.

The Talos blog notes that the nature of the attack code suggests that the hacking may have been an inside job, as the hacker gained access to a machine used to create CCleaner.

Regardless of what version you're running, you should make sure your CCleaner is now up to date.

CCleaner, which is available for Mac and PC, deletes unwanted files, browser clutter and other unwanted computer paraphernalia.

Piriform, which is owned by Avast, claimed it has managed to remove the compromised versions of CCleaner "before it was able to do any harm".

Piriform, the firm behind CCleaner, has now published a blog apologizing to its customers.

Yung declined to speculate on how the code appeared in CCleaner or where the attack originated from.

"We are continuing to investigate how this compromise happened, who did it, and why", Piriform said.

Other reports by Free-Prsite

Discuss This Article