Malware Hits PC Cleanup Tool CCleaner

Two versions of popular cleanup tool CCleaner for 32-bit Windows machines contained well-hidden malware.

The regular and cloud-based versions of CCleaner, which has been downloaded over 2 billion times worldwide as of November 2016 and adds about 5 million new users a week, have since been patched, and the US-based server to which the malicious code sent system information has been shut down.

According to security researchers at Cisco Talos, who spotted the code, the malware was so cleverly hidden within an update, it received a Symantec security certificate. "Upon closer inspection, the executable in question was the installer for CCleaner v5.33, which was being delivered to endpoints by the legitimate CCleaner download servers," the Cisco Talos team says.

Cisco Talos says the malicious version of CCleaner was released on Aug. 15; it notified Piriform—CCleaner's UK-based developer, which was acquired by Avast in July—on Sept. 13 and the server was shut down.

Piriform revealed that the malware collected system information, including lists of installed software and Windows updates, MAC addresses of network adapters, PC names and information from the Windows registry key, all of which was sent to a remote server.

"The threat has now been resolved in the sense that the rogue server is down, other potential servers are out of the control of the attacker, and we're moving all existing CCleaner v5.33.6162 users to the latest version [5.34]," Piriform's vice president of products, Paul Yung, said in a post. "Users of CCleaner Cloud version 1.07.3191 have received an automatic update [to 1.07.3214]. In other words, to the best of our knowledge, we were able to disarm the threat before it was able to do any harm."


While such information isn't sensitive (i.e. it can't be used to personally identify you), it's nonetheless useful to hackers who want to get a better idea of the types of systems potential targets are running.

Cisco Talos suspects the attack was possible thanks either to CCleaner's build environment being compromised or someone with inside access. Piriform did not immediately respond to a request for comment on the attack's distribution and where most affected systems were located.

Updated versions of CCleaner and CCleaner Cloud have since been released; users of the former should download version 5.34 of CCleaner if they've not already done so, while CCleaner Cloud customers will have already received the update to 1.07.3214.
