Security vendor Avast distributed malware-infested utility

Ann Santiago
September 20, 2017

CCleaner has been compromised in a massive security breach that could affect upwards of 2.27 million users of the popular clean-up software.

Cisco Talos says the malicious version of CCleaner was released on August 15; it notified Piriform (CCleaner's UK-based developer, which was acquired by Avast in July) on September 13, and the server was shut down.

Piriform, the company behind CCleaner, is adamant that no sensitive data has been targeted, and confirms that it has now shut down this server before any known harm could be done. Anyone who downloaded version 5.33 of the product or updated their existing product during this timeframe became infected. However, close to 5,000 people had already installed the compromised version of CCleaner Cloud.

Data transmitted to the attacker's server included the computer's name, IP address, a list of installed software, a list of active software, and a list of network adapters.

Avast and Piriform have both confirmed that the Windows 32-bit version of CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 were affected by the malware.

To assure CCleaner users that they won't be compromised like this again, Avast also started moving the Piriform build environment to the Avast infrastructure and will move the Piriform staff to the Avast internal IT system. According to them, a hacker had breached their systems sometime back in August and gained access to resources that allowed the hacker to inject malicious code into the official distribution package, while still having the official CCleaner security certificate attached to the package.

An app used by millions to optimise computer performance has been hit by a malware attack.

On September 13, Cisco Talos identified an executable in the installer for CCleaner, which was being delivered to endpoints by the legitimate CCleaner download servers. "Piriform believes that these users are safe now as its investigation indicates it was able to disarm the threat before it was able to do any harm", an Avast spokesperson said.

Piriform's parent company Avast, which bought the software business in July, uncovered the attack on September 12.

However, security researchers from Cisco Talos who discovered the backdoor say that a vast number of machines may have been at risk.
