CCleaner Compromised

CCleaner has long been a trusted tool for cleaning up computers; it even made PCWorlds list of the 15 best free programs. But security firm Cisco Talos discovered that hackers had injected a malicious bit of code into the most recent update, potentially affecting the more than 2 million users who downloaded it. Thankfully, it appears that the company was able to get in front of this one:

According to Avast, the malware doesn’t seem to have affected any machines in the wild. In a blog post by vice president of products Paul Yung, he states that the company identified the attack on Sept. 12 and had taken the appropriate action even before Cisco Talos notified them of their discovery. Yung says the attack was limited to CCleaner and CCleaner Cloud on 32-bit Windows systems—fortunately, most modern PCs will likely be running the 64-bit version. 

Yung assures customers that the threat has been resolved and the “rogue server” has been taken down. He also says Piriform has shut down the hackers’ access to other servers. Additionally, the company is moving all users to the latest version of the software, which is already available on the company’s website (though the release notes only mention “minor big fixes.”)

Most reassuringly, Yung states that Avast was seemingly able to disarm the threat before it was able to do any harm. The intent of the attack is unclear at this time, though Avast says the code was able to collect information about the local system.

Still, anyone with CCleaner should take appropriate action:

The bug affects anyone who downloaded CCleaner version 5.33 or updated their version between August 15 and September 12. Talos is advising anyone who’s worried to roll back their systems to a time before August 15, or reinstall them. They will also need to update to the latest version of CCleaner 5.34.

Hat tip to CBS in Philidelphia.

This entry was posted in Hacking. Bookmark the permalink.