What to do if you downloaded the malware-infected CCleaner app

Marcus Newton
September 19, 2017

But Talos said the impact of the attack could be more severe, given that CCleaner was reported to be adding five million new users a week.

The compromised version of CCleaner tried to connect to several unregistered web pages, presumably to download other programmes.

The security team's blog said the signed version of CCleaner 5.33 distributed by Avast contained a multi-stage malware payload.

"To the best of our knowledge, we were able to disarm the threat before it was able to do any harm", said Piriform vice president of products Paul Yung in a blog post. The malware expert added that a similar attack was carried out on accounting software in the Ukraine in June.

"This (incident) is very troublesome because it indicates that attackers were able to control a critical piece of the infrastructure used by the vendor", he said.

However, that still means downloads of CCleaner in the four weeks since its release on 15 August and downloads of CCleaner Cloud in the three weeks since its release on 24 August were compromised.

Avast's CTO Ondrej Vlcek declined to speculate on the hackers' intentions for the data being harvested by the malware, saying he could not comment on account of a law enforcement investigation now underway.

While Piriform and Avast continue to look into the cause of the issue, the more than two million people who use CCleaner are left unsure whether the app they count on to keep their computer running smoothly and efficiently has infected their machine with malware.


Anyone using the free version of CCleaner needs to manually download updates because the software does not update automatically.

Also, it appears the malware simply collected information about the computers it was installed on; while Floxif can download and execute other forms of malware, Avast, CCleaner's distributor, hasn't found evidence it did so.

In July, Avast acquired Piriform and said about 130 million people use CCleaner.

The security firm speculates that an external attacker compromised the program's development or build environment to insert the malware, or it could have been an insider doing the same.

This security threat was discovered last week on the 13th of September. However, "the lack of automatic updates for the free edition of CCleaner may actually have reduced the total number of users put at risk by the compromised version", United Kingdom security writer Graham Cluley noted in his blog today. Through this backdoor, hackers gained access to data from the infected computers.

Anyone who had downloaded the compromised version of CCleaner was now being moved to the latest uninfected version, he said.

CCleaner is software that cleans up a system and optimizes its performance.

"We are continuing to investigate how this compromise happened, who did it and why".
