Malware found in official Ccleaner installers

Deleted member 178

Thread author
Dear CCleaner customers, users and supporters,

We would like to apologize for a security incident that we have recently found in CCleaner version 5.33.6162 and CCleaner Cloud version 1.07.3191. A suspicious activity was identified on September 12th, 2017, where we saw an unknown IP address receiving data from software found in version 5.33.6162 of CCleaner, and CCleaner Cloud version 1.07.3191, on 32-bit Windows systems. Based on further analysis, we found that the 5.33.6162 version of CCleaner and the 1.07.3191 version of CCleaner Cloud was illegally modified before it was released to the public, and we started an investigation process. We also immediately contacted law enforcement units and worked with them on resolving the issue. Before delving into the technical details, let me say that the threat has now been resolved in the sense that the rogue server is down, other potential servers are out of the control of the attacker, and we’re moving all existing CCleaner v5.33.6162 users to the latest version. Users of CCleaner Cloud version 1.07.3191 have received an automatic update. In other words, to the best of our knowledge, we were able to disarm the threat before it was able to do any harm.

Read more here

As I said so many times, nothing is safe.
 

kev216

Hackers broke into British company Piriform’s free software for optimizing computer performance last month and installed tools that could have allowed them to take control of tens of millions of devices, the company and independent researchers said on Monday.

The malicious program was slipped into legitimate software called CCleaner, which is downloaded for personal computers and Android phones as often as 5 million times a week. It cleans up junk programmes and advertising cookies to speed up devices.

CCleaner is the main product made by London’s Piriform, which was bought in July by Prague-based Avast, one of the world’s largest computer security vendors. At the time of the acquisition, the company said 130 million people used CCleaner.

A version of CCleaner downloaded in August included remote administration tools that tried to connect to several unregistered web pages, presumably to download additional unauthorized programs, security researchers at Cisco’s Talos unit said.


Talos researcher Craig Williams said it was a sophisticated attack since it penetrated an established and trusted supplier in a manner similar to June’s “NotPetya” attack on companies that downloaded infected Ukrainian accounting software.

“There is nothing a user could have noticed,” Williams said, noting that the optimization software had a proper digital certificate, which means other computers automatically trust the program.

In a blog post, Piriform confirmed that two programmes released in August were compromised. It advised users of CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 to download new versions. It did not disclose how many users were affected.

Piriform said Avast, its new parent company, had uncovered the attacks on September 12. A new, uncompromised version of CCleaner was released the same day and a clean version of CCleaner Cloud was released on September 15, it said.

The nature of the attack code suggests that the hacker won access to a machine used to create CCleaner, Williams said.

CCleaner does not update automatically, so each person who has installed the problematic version will need to delete it and install a fresh version, he said.

Williams said Talos detected the issue at an early stage, when the hackers appeared to be collecting information from infected machines, rather than forcing them to install new programs.

Piriform said it had worked with U.S. law enforcement to shut down a server located in the United States to which traffic was set to be directed.

It said the server was closed down on Sept. 15 “before any known harm was done”.

A detailed analysis of the attack can be found here: Cisco's Talos Intelligence Group Blog: CCleanup: A Vast Number of Machines at Risk and Piriform - Security Notification for CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 for 32-bit Windows users
 

SHvFl

And their program is removed forever. Piriform is terrible and this is honestly the worst offense they could have done. I don't use 32-bit luckily but they SUCK.

EDIT: SIGNED WITH THEIR CERTIFICATE. HOW SAD AND PATHETIC. PS the hackers are worse. They could have signed actual malware.
 

Daljeet

From v5.33 I have updated my CCleaner on September 12 to v5.34, and I'm 32-bit. ...................... Sooo Sh**
What now? (Only reinstalling???)
Restore your system
CCleaner app offered for download between August 15 and September 12 was modified to include the Floxif malware, according to a report published by Cisco Talos.
 
