August’s version of CCleaner was compromised

Piriform has confirmed that last month hackers were able to gain access to their servers and inject malicious software into both CCleaner and CCleaner Cloud (CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191), leaving two million users at risk.

Thankfully, CCleaner does not auto-update, limiting this exploit to new downloads of the program. This exploit gave CCleaner remote administration tools that tried to connect to several unregistered webpages, which could have been used to download more unauthorised programs. More startling is the fact that there was no way to know that your machine was exploited.

Piriform’s CCleaner is a trusted program for a large number of PC users, with 2.27 million users downloading the compromised version of CCleaner and around 5,000 users downloading the compromised version of CCleaner Cloud. The attack was originally uncovered by Avast, Piriform’s parent company, on September 12th, with a new uncompromised version of CCleaner released on the same day and an uncompromised version of CCleaner Cloud released on September 25th.

In conjunction with US law enforcement, Piriform has been able to shut down the server to which traffic from compromised machines was directed. It is said that this server was shut down “before any known harm was done”.

Our advice is that users of CCleaner check their app’s version number to see whether or not they are using a compromised version. Users of these malicious versions of CCleaner should uninstall the app immediately and install an up-to-date version to replace it.

Right now it looks like hackers were using this exploit to collect information from infected machines, rather than to install ransomware or additional malicious applications.
Today’s version of CCleaner (v5.34.6207) does not contain this exploit.
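
The version check advised above, applied to many machines at once, as an added example that is not part of the original article. It assumes a software inventory exported as CSV with hypothetical columns host, product and version, and it uses only the version numbers the article names.

```python
import csv
import io
import re

# Versions named in the article above.
COMPROMISED = {"ccleaner": (5, 33, 6162), "ccleaner cloud": (1, 7, 3191)}
# Clean desktop release named in the article; it gives no clean Cloud version number.
CLEAN = {"ccleaner": (5, 34, 6207)}

def parse_version(text):
    """Turn 'v5.33.6162' or '1.07.3191' into a tuple of ints, or None if malformed."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip().lower())
    return tuple(int(part) for part in m.groups()) if m else None

def classify(product, version):
    """Return 'compromised', 'update', 'ok', 'review' or 'n/a' for one install."""
    name = product.strip().lower()
    if name not in COMPROMISED:
        return "n/a"
    parsed = parse_version(version)
    if parsed is None:
        return "review"            # unreadable version: check the machine by hand
    if parsed == COMPROMISED[name]:
        return "compromised"       # uninstall and replace, per the article
    clean = CLEAN.get(name)
    if clean is None:
        return "review"            # no clean version on record for this product
    return "ok" if parsed >= clean else "update"

def triage(inventory_csv):
    """Classify every row of a host,product,version CSV export."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return [(r["host"], classify(r["product"], r["version"])) for r in rows]

# Constructed sample inventory: hosts are hypothetical, and every version
# other than the three named in the article is made up.
SAMPLE = """host,product,version
pc-01,CCleaner,v5.33.6162
pc-02,CCleaner,5.34.6207
pc-03,CCleaner Cloud,1.07.3191
pc-04,CCleaner,5.30.1000
pc-05,CCleaner,unknown
pc-06,CCleaner Cloud,1.08.1000
pc-07,7-Zip,16.04
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE):
        print(f"{host}: {status}")
```

Hosts reported as "review" need a manual look, either because the version string could not be read or because the article gives no clean version number to compare against.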