2m Users Install Malware-Infected CCleaner Security App
19 September 2017 14:47
Users of Avast-owned security application CCleaner have been advised to update their software immediately after researchers discovered criminal hackers had installed a backdoor in the tool.
2.37 million users of the anti-malware tool installed a version of the software that had been hacked to include malware.
Piriform, the developer of the Avast-owned CCleaner security tool, has said its download servers were compromised at some stage in mid-August. The threat was identified on the 12th of September, with the 32-bit version of CCleaner v5.33.6162 and the CCleaner Cloud v1.07.3191 products being compromised in a “sophisticated manner”.
In other words, 3% of CCleaner users are expected to have been affected by the malicious code.
The company says it released safe versions of both programs within three days, but the modified version of the software had been available for a month.
What does this mean for those affected?
The affected app has approximately 2 billion downloads and claims to be getting 5 million extra a week, making the threat particularly severe. Researchers compared it to the NotPetya ransomware outbreak, which spread after a Ukrainian accounting app was infected. They discovered the threat on September 13 after CCleaner 5.33 caused Talos systems to flag malicious activity.
But Piriform has stated that “the compromise could cause the transmission of non-sensitive data (computer name, IP address, list of installed software, list of active software, list of network adapters) to a 3rd party computer server in the USA. We have no indications that any other data has been sent to the server. Working with US law enforcement, we caused this server to be shut down on the 15th of September before any known harm was done.”
But with 2 billion downloads and an extra 5 million per week, the (quite embarrassing) error could have been much more severe.
How to protect yourself
The good news is that Piriform has already fixed the vulnerability, taken down the server and, for those running the Cloud version (1.07.3191) of its software, the update has been automated.
However, those running the standard version will want to ensure they have updated to the latest version, particularly if they downloaded it in the past month.
The affected software is CCleaner 5.33.6162 (32-bit). Users should ensure they are running version 5.34 or higher.
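The version check above, applied to a software inventory export. This is an added example, not code from Piriform or the original article. The CSV columns, host names and status labels are assumptions constructed for illustration, and the inventory is assumed to report versions in the same format the article uses.

```python
import csv
import io

# Builds the article names as compromised: (product, version, arch or None for any).
COMPROMISED = [
    ("ccleaner", (5, 33, 6162), "32-bit"),
    ("ccleaner cloud", (1, 7, 3191), None),
]
MIN_SAFE_CCLEANER = (5, 34)  # article: "version 5.34 or higher"

# Constructed sample inventory (hypothetical hosts and column names).
SAMPLE_INVENTORY = """host,product,version,arch
ws-01,CCleaner,5.33.6162,32-bit
ws-02,CCleaner,v5.33.6162,64-bit
ws-03,CCleaner,5.34.0,32-bit
ws-04,CCleaner Cloud,1.07.3191,32-bit
ws-05,CCleaner,5.4.100,64-bit
ws-06,CCleaner,unknown,32-bit
"""

def parse_version(text):
    """Turn 'v5.33.6162' or '1.07.3191' into a tuple of ints; None if malformed."""
    parts = text.strip().lstrip("vV").split(".")
    try:
        return tuple(int(p) for p in parts)
    except ValueError:
        return None

def classify(product, version, arch):
    """Return compromised-build, update-required, ok or unknown-version."""
    name = product.strip().lower()
    ver = parse_version(version)
    if ver is None:
        return "unknown-version"  # cannot rule the host out; check it by hand
    for bad_name, bad_ver, bad_arch in COMPROMISED:
        arch_matches = bad_arch is None or bad_arch == arch.strip().lower()
        if name == bad_name and ver == bad_ver and arch_matches:
            return "compromised-build"
    # Numeric tuple comparison: 5.4 sorts below 5.34, unlike a string compare.
    if name == "ccleaner" and ver < MIN_SAFE_CCLEANER:
        return "update-required"
    return "ok"

def triage(csv_text):
    """Map each host in the inventory CSV to its status."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: classify(r["product"], r["version"], r["arch"]) for r in rows}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `compromised-build` ran one of the two builds the article names; `update-required` covers any other CCleaner install below 5.34.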