CCleaner gets hit by a nasty malware infection

Popular software CCleaner infected with backdoor

CCleaner claims its software is downloaded over 5 million times a week, with over 2 billion installations worldwide.

The company's security researchers said they noticed that the malware tried to connect computers to unregistered websites in order to remotely download more harmful programs directly into users' computers.

Once in place, the malware would wait five minutes, determine if the user had admin privileges, and then steal information from PCs, such as the computer's name, a list of installed software and Windows updates, running processes, MAC addresses of network adapters alongside additional information.

CCleaner has gotten compromised in a massive security breach which could affect upwards of 2.27 million users of the popular clean-up software.

According to Piriform's blog post, its programs released in August were compromised and users of CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 are advised to download new versions.

"To the best of our knowledge, we were able to disarm the threat before it was able to do any harm", said Mr Yung. Hackers infected trusted software and people downloaded it without realizing it contained malware. The threat has now been resolved in the sense that the rogue server is down and other potential servers are out of the control of the attacker.

Users of CCleaner 5.33 are urged to immediately update to the latest CCleaner 5.34 version.


Avast's CTO Ondrej Vlcek declined to speculate on the hackers' intentions for the data being harvested by the malware - saying he could not comment on account of a law enforcement investigation now underway.

Legitimately signed but backdoored versions of the popular CCleaner utility were available for download from the developer's Web site and servers for almost a month, Cisco Talos researchers have discovered. Cisco Talos researchers speculate that attackers could have compromised a developer account that provided access or possibly were able to directly exploit a system within the CCleaner build environment.

Because the malware remains present, even after users update the CCleaner software, affected users should remove and reinstall everything on the machine and restore files and data from a backup made before 15 August. The compromise was discovered by researchers at Cisco's Talos division; the hackers are thought to have run code from a remote IP address using a backdoor.

According to Piriform, its new parent company Avast found on 12 September that the affected versions of the software had been compromised.

Far from being a fake CCleaner app, the version spotted by Cisco was found to be legitimate and signed with a valid digital certificate.

The attackers were using version 5.33 of CCleaner to spread a multi-stage malware payload.

Yung said Piriform is taking detailed steps internally so that this doesn't happen again.
