CCleaner is it safe to download and use again?

  • Thread starter ForgottenSeer 55474
Status
Not open for further replies.

ForgottenSeer 58943

Thread author
... You think these programs can't be hacked ... like we all have been thinking that CCleaner can't be hacked ... (it's all the same story, too).

Yup. Worse, the security of folks using CCleaner was seemingly fully bypassed by this. Rendering it nothing more than security theater for the most part.

Think about this.. Some criticized me in another thread after my extensive, well secured gateway/network was compromised by a hijacked Trend Micro update. These same people were possibly compromised by this, or certainly would have been. Even IF some security product warned about CCleaner, how fast would most people whitelist it out of habit with the assumption CCleaner was always safe?
 

L S

Yup. Worse, the security of folks using CCleaner was seemingly fully bypassed by this. Rendering it nothing more than security theater for the most part.

Think about this.. Some criticized me in another thread after my extensive, well secured gateway/network was compromised by a hijacked Trend Micro update. These same people were possibly compromised by this, or certainly would have been. Even IF some security product warned about CCleaner, how fast would most people whitelist it out of habit with the assumption CCleaner was always safe?

I don't criticize anyone, I just say NOTHING IS SAFE!!!
 

Venustus

It really is hard to trust an app that has been compromised in such a way, and I suspect that the compromise was from the "inside", i.e. Piriform inserted that backdoor intentionally! Just my opinion!! :)
 

spaceoctopus

It really is hard to trust an app that has been compromised in such a way, and I suspect that the compromise was from the "inside", i.e. Piriform inserted that backdoor intentionally! Just my opinion!! :)
You are right when you say that it is difficult to trust the product back again. But let's be realistic, these things happen.
It's serious but there have been, let's say, more serious stuff than that. For example, when Norton had to patch several vulnerabilities in their security products that could easily be exploited. Or Duqu, which was present in Kaspersky's network. Bitdefender, who suffered a breach in their systems with users' data stolen.
The important thing is that the attack has been discovered and stopped.
 

ForgottenSeer 58943

Thread author
It really is hard to trust an app that has been compromised in such a way, and I suspect that the compromise was from the "inside", i.e. Piriform inserted that backdoor intentionally! Just my opinion!! :)

Piriform is mysteriously quiet about this. They should have a giant banner on their website about it. IMO.

By the way Cujo was compromised and didn't disclose it. People suddenly had accounts hacked, bad logins to their accounts, etc. Since Cujo acts as a proxy for your network, there is little they couldn't steal from your network. But Cujo appeared to go out of their way to mask the compromise.

I think it is telling how a firm reacts, informs and changes as the result of a compromise.

FYI: Norton actually had the source code for Norton AV stolen in a compromise. Anyone remember that?
 

spaceoctopus

Piriform is mysteriously quiet about this. They should have a giant banner on their website about it. IMO.

By the way Cujo was compromised and didn't disclose it. People suddenly had accounts hacked, bad logins to their accounts, etc. Since Cujo acts as a proxy for your network, there is little they couldn't steal from your network. But Cujo appeared to go out of their way to mask the compromise.

I think it is telling how a firm reacts, informs and changes as the result of a compromise.

FYI: Norton actually had the source code for Norton AV stolen in a compromise. Anyone remember that?
Good point, Piriform should have a big banner on their websites. But at this point it's more about communication because it is a complex situation.
It's not only Avast or Piriform that have been caught off guard, but also many major security companies. This can explain why you don't see many of them talking about this situation on their blog ;)
They will start to do it when their signatures are updated with the latest definitions to deal with this problem.
 

Elpibe

Why so many criticisms about CCleaner? Windows made a LOT of mistakes and people are still recommending it; LastPass, which wins in every poll, was hacked, e.g. Hackernoon (where I read it first) showed that URLs weren't encrypted at all (I use these 2 examples because I didn't want to update my Windows and because now I'm looking for a password manager)... there are many examples. Piriform/Avast made a mistake, I don't know if a big mistake because there wasn't a damage report of what the virus did or maybe couldn't according to Avast. I'm not trying to defend them, but I read so many comments (in a couple of MT threads and even other websites) saying "I'm not using CCleaner anymore" or things like that, that other companies/software didn't have. 13 years of CCleaner and this is the first mistake (or at least a big one) that I can remember.
 

Yoda


ForgottenSeer 58943

Thread author
Do like me, use the portable version, it is always behind in terms of build version, so less subject to tampering.

Delayed update cycles, almost always a good idea! In the enterprise world, we always withhold updates, sometimes for days, sometimes weeks and other times months. It's universally paid off for us in terms of things not breaking or bad version avoidance. For Windows, we hold them for 7 days, then push them via our management software. For firmware, we've been known to wait 6 months until version stabilization and testing has been achieved.

I think it is prudent to use portable and delay updating as you note.
 

Yoda

FYI:
Avira real-time, already detects the 5.33.6162 (and only this version) as a Malware and blocks it.
(Portable version too)

 

ForgottenSeer 58943

Thread author
In related news - my APT Appliance flagged another 'popular' product. It also failed sandbox evaluation as part of that APT appliance evaluation.

I'm not disclosing what product it was to avoid litigation. But I found similar things happening with CCleaner starting in MAY and have the emails to prove it between me and CCleaner employees about the issue. Which of course they said was nothing more than a false positive. Apparently not understanding how APT detection works and it was never flagged before.

Whatever.. I'm sure we will see more update/development channels compromised with more products going forward.
 

tim one

In related news - my APT Appliance flagged another 'popular' product. It also failed sandbox evaluation as part of that APT appliance evaluation.

I'm not disclosing what product it was to avoid litigation. But I found similar things happening with CCleaner starting in MAY and have the emails to prove it between me and CCleaner employees about the issue. Which of course they said was nothing more than a false positive. Apparently not understanding how APT detection works and it was never flagged before.

Whatever.. I'm sure we will see more update/development channels compromised with more products going forward.
In the case of CCleaner and as far as I know, the dynamic of the attack has not yet been fully made known. Clearly the fact that the system of distribution of the updates may have been compromised in this way, reveals chilling security gaps.

This is the perfect case of a "watering hole attack": you aim not at your final target, but at one of its suppliers.
 