Hackers inject malware into CCleaner antivirus software

Three days later, on the 15th of September, the company released a new version, v5.34, hoping that people would immediately update to it.

Because the trojanised version of CCleaner carried a valid digital signature, Talos said the attackers had most likely compromised the program's development environment to insert the malware. Avast acquired Piriform, the makers of CCleaner, earlier this July. Anyone who downloaded version 5.33 of the product or updated their existing product during this timeframe became infected. It's not clear exactly how many CCleaner users were affected by the breach, but Talos reports that around 5 million people download it each week. It is also important to note that while previous versions of the CCleaner installer are still available on the download server, the version containing the malicious payloads has been removed and is no longer available.

We would like to apologize for a security incident that we have recently found in CCleaner version 5.33.6162 and CCleaner Cloud version 1.07.3191.

Brumaghin says that users who have downloaded a malicious version of the CCleaner program need to restore their devices to a state before August 15, 2017 and update to the latest available version of the program to avoid infection. The payload contained a Domain Generation Algorithm and Command and Control functionality that could be used to send encrypted information about the computer back to a server controlled by the hackers.

"We estimate that 2.27 million users had the affected software installed on 32-bit Windows machines", a spokesperson for software security vendor Avast told eWEEK.

The malware allowed an infected system to be remotely controlled and collected data from the computer. "Users of CCleaner Cloud version 1.07.3191 have received an automatic update", Yung wrote in the blog post. Today, developer Piriform has acknowledged that recent versions of CCleaner and CCleaner Cloud have been compromised with a hidden backdoor, though the company says that it has since disarmed the threat (via Windows Central).

While Avast and Piriform are not speculating on how long the attackers might have been in the CCleaner servers, Cisco's Talos research group has made its own observations.
