Malware found in official CCleaner installers

Transhumana

Level 5
Verified
Jul 6, 2017
271
why? what kind of magic do you think it does to your computer? ccleaner is the epitome of snake oil happily & willingly lapped up by users.

Before I shut my computer down at the end of the day I like it to clean all the temporary internet files, cache and leftover files from uninstalled programs. I also occasionally use it to manage startup programs and scheduled tasks. So no, I don't expect any magic at all, only to do what it's supposed to do. :)
 

shmu26

Level 85
Verified
Trusted
Content Creator
Jul 3, 2015
8,080
The other puzzling thing is that no one's computer actually got hurt by this malware. The backdoor was never used to download and run malicious code, or so they say in the article.
Makes me think that it was a spy job, not a malware job.
 

Evjl's Rain

Level 46
Verified
Trusted
Content Creator
Malware Hunter
Apr 18, 2016
3,586
it's not easy to find a better alternative than CCleaner+CCEnhancer
other alternatives usually clean different things and they complement each other

the solution now is to keep CCleaner and block all the out/inbound connections of ccleaner and its related processes
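
One way to apply the blocking described in the post above with Windows Defender Firewall, as an added example that is not part of the original thread. The install path and the rule-name prefix are assumptions; adjust them to the machine being configured.

```powershell
# Added example (not from the thread): block inbound and outbound traffic
# for every executable found under the CCleaner install folder.
param(
    # Assumed install location; change it if the program lives elsewhere.
    [string]$InstallDir = 'C:\Program Files\CCleaner',
    # Hypothetical prefix used to name (and later find) the rules.
    [string]$RulePrefix = 'Block CCleaner'
)

if (-not (Test-Path -LiteralPath $InstallDir -PathType Container)) {
    throw "Install directory not found: $InstallDir"
}

# Treat every .exe under the folder as a "related process"
# (main binary, 64-bit binary, updater, uninstaller, ...).
$exes = Get-ChildItem -LiteralPath $InstallDir -Filter *.exe -File -Recurse

foreach ($exe in $exes) {
    foreach ($direction in 'Outbound', 'Inbound') {
        $name = "$RulePrefix - $($exe.Name) - $direction"

        # Skip rules that already exist so the script can be re-run safely.
        if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
            continue
        }

        New-NetFirewallRule -DisplayName $name `
                            -Direction $direction `
                            -Program $exe.FullName `
                            -Action Block `
                            -Profile Any | Out-Null
    }
}

# List the resulting rules for review.
Get-NetFirewallRule -DisplayName "$RulePrefix*" |
    Select-Object DisplayName, Direction, Action, Enabled
```

Run it from an elevated PowerShell session. The rules match on file path, so they restrict network access for the binaries at those paths only and have to be re-created if an update installs executables somewhere else.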
 

Kuttz

Level 13
Verified
May 9, 2015
603
Holy f***, I was using exactly the 5.33 version till now and neither Bitdefender nor Kaspersky AV flagged CCleaner as malware?! :eek: Anyway, I uninstalled the software and need to look for an alternative. I actually had a silent dislike towards CCleaner for the past few months for no specific reason, though I continued using it, and my intuition and dislike towards the software was genuine!
 

paulderdash

Level 6
Verified
Apr 28, 2015
269
5.33 Slim installer ...
 

Attachments

  • 2017-09-18_153414.jpg

SHvFl

Level 35
Verified
Trusted
Content Creator
Nov 19, 2014
2,338
The other puzzling thing is that no one's computer actually got hurt by this malware. The backdoor was never used to download and run malicious code, or so they say in the article.
Makes me think that it was a spy job, not a malware job.
What I can guess happened is that the file was left unsigned on a server to get signed, someone had access to the server and added a malware downloader to the real release. The person signing the software just grabbed the version from the server and signed it (he must only have had access to the 32-bit version, or the 64-bit version was updated again after he accessed it). The malware author had to wait for a fair amount of time for all people to get it and then push the malware download to all computers with the affected version. The CCleaner team identified the breach before that, took down the server and issued an update to the program.
This is me guessing.
 