admin No Comments

CCleaner malware infected 2.27M users

CCleaner, our favorite System Optimization tool has become a  victim of Malware!

Users of CCleaner, a free software utility intended to improve system performance on Windows computers and Android devices got some nasty news toward the beginning of the week when Piriform, the organization which makes CCleaner, wrote in a blog post that specific versions of the product had been compromised by hackers — and that malicious,data-harvesting software had piggybacked on its installer program.

The affected product versions are CCleaner 5.33.6162 and CCleaner Cloud 1.07.3191.

Piriform is encouraging users to move up to ver 5.34 or higher

Some users may still have a device that is compromised. Piriform says it’s moving all CCleaner users to the most recent version, while CCleaner Cloud users will be upgraded automatically.

The malware was designed to collect non sensitive information from compromised machines — specifically, Piriform says: the PC name, IP address, installed programs, list of active programs and list of network adapters transmitting it to a server situated in the US.

“We have no indications that any other data has been sent to the server,” it writes.

“Working with US law enforcement, we caused this server to be shut down on the 15th of September before any known harm was done. It would have been an impediment to the law enforcement agency’s investigation to have gone public with this before the server was disabled and we completed our initial assessment,” it added.

A representative for security goliath Avast, which acquired Piriform back in July, said: “We believe that these users are safe now as our investigation indicates we were able to disarm the threat before it was able to do any harm.”

““We estimate that 2.27 million users had the affected software installed on 32-bit Windows machines,” she further added.

CCleaner was estimated as having 130M clients, including 15M on Android. So concerns had been raised about the vast potential number of affected devices.

It appears that the vulnerability was downloaded by a small minority of users — particularly to those utilizing 32-bit Windows operating systems.

No individuals running CCleaner on Android devices were compromised, as indicated by Avast.

Piriform’s VP of products has gone into some detail in regards to the hack, writing that: An unauthorized modification of the CCleaner.exe binary resulted in an insertion of a two-stage backdoor capable of running code received from a remote IP address on affected systems.”

He additionally notes that Piriform initially saw suspicious activity on September 12, 2017, further examination uncovered “the 5.33.6162 version of CCleaner and the 1.07.3191 version of CCleaner Cloud was modified before it was released to the general public”.

That implies some Windows users of CCleaner could have had their machines infected for over a month — the compromised versions were released on August 15 and August 24 individually.

Piriform estimates these versions “may have been utilized by up to 3% of our clients” — which would push the pool of affected computers as high as 3.9M.

Avast declined to speculate on the hackers intentions, a law enforcement investigation currently underway.

Asked what extra measures it’s taking to prepare for a future assault, Avast said “We are making sure the problem doesn’t happen again by moving the entire Piriform product build environment to a more robust, secure infrastructure provided by Avast.”