CCleaner hacked with malware: What you need to know

Just as the title says

Topic author
Cybex
Member
Posts: 3424
Joined: April 2008

Mon Sep 18, 2017 12:36 pm

It seems that CCleaner, one of PCWorld’s recommendations for the best free software for new PCs, might not have been keeping your PC so clean after all. In an in-depth probe of the popular optimization and scrubbing software, Cisco Talos has discovered a malicious bit of code injected by hackers that could have affected more than 2 million users who downloaded the most recent update.

On Sept. 13, Cisco Talos found that the official download of the free versions of CCleaner 5.33 and CCleaner Cloud 1.07.3191 also contained “a malicious payload that featured a Domain Generation Algorithm as well as hardcoded Command and Control functionality.” What that means is that a hacker infiltrated Avast Piriform’s official build somewhere in the development process to plant malware designed to steal users’ data.

Cisco Talos suspects that the attacker “compromised a portion of (CCleaner’s) development or build environment and leveraged that access to insert malware into the CCleaner build that was released and hosted by the organization.” As such, customers’ personal information was not at risk.

According to Avast, the malware doesn’t seem to have affected any machines in the wild. In a blog post by vice president of products Paul Yung, he states that the company identified the attack on Sept. 12 and had taken the appropriate action even before Cisco Talos notified them of their discovery. Yung says the attack was limited to CCleaner and CCleaner Cloud on 32-bit Windows systems—fortunately, most modern PCs will likely be running the 64-bit version.

Yung assures customers that the threat has been resolved and the “rogue server” has been taken down. He also says Piriform has shut down the hackers’ access to other servers. Additionally, the company is moving all users to the latest version of the software, which is already available on the company’s website (though the release notes only mention “minor bug fixes”).

Most reassuringly, Yung states that Avast was seemingly able to disarm the threat before it was able to do any harm. The intent of the attack is unclear at this time, though Avast says the code was able to collect information about the local system.

Users can download CCleaner 5.34 from Avast’s website if they haven’t already done so. Previous releases are also still available on the company’s website, but the infected version has been removed from the company’s servers. You’ll also want to perform an antivirus scan on your computer. If you're affected, Cisco Talos recommends using a backup to restore your PC to a state prior to August 15, 2017, which is when the hacked version was released.

The impact on you at home: While users within the target area shouldn’t see any impact from this attempted attack, it’s still a scary notion. While Avast got in front of the issue and resolved it without incident, smaller companies might not be able to react so quickly. For example, earlier this year, it was found that a breach at Ukrainian software company MeDoc was responsible for the NotPetya ransomware. Ransomware is becoming a troubling trend, and if hackers are able to infect update servers they can spread malware to as many machines as possible.
LAND OF THE FREE BECAUSE OF THE BRAVE

KungfuBeer
Member
Posts: 15117
Joined: November 2006

Mon Sep 18, 2017 1:05 pm

I don't use it but thanks for the info.

Topic author
Cybex
Member
Posts: 3424
Joined: April 2008

Mon Sep 18, 2017 3:23 pm

I still have an old version, but haven't used it in a long time.
LAND OF THE FREE BECAUSE OF THE BRAVE

Moderhinke
Member
Posts: 732
Joined: October 2012

Tue Sep 19, 2017 5:05 am

I use it pretty frequently but never had that malicious version. Also, who still has 32-bit Windows these days?
“You can withdraw from a climate agreement but not from climate change, Mr. Trump. Reality isn't just another statesman you shove away.”

sidewinder9x
Member
Posts: 6284
Joined: April 2008

Thu Sep 21, 2017 3:40 pm

same here
