Malware found in official CCleaner installers

toto_10

Go into "application control" and Deny network access for CCleaner!

6gXKS5y.png

Thank you very much mate! Really nice with the screenshot too =)
 

uninfected1

Like others here thankfully my laziness looks like it's saved me. Still on version 5.21. Checked the registry just in case and there was no Agomo key so hopefully I'm OK. That's me finished with CCleaner. I don't see how it's possible to trust a product after something like this.
 

Node

I cannot comment on the transition of Piriform over to avast! and their acquisitions over the software such as CCleaner, but I'm not entirely sure if it may have had an impact. I stopped using CCleaner about a month ago as a result of the transition.

If you haven't already and would like to try an alternative I strongly endorse the use of BleachBit or Wise Care 365.
 

ForgottenSeer 58943

Thread author
This article indicates Avast has been compromised and that this breach was a direct result of Avast acquiring CCleaner. Somehow, I knew this product was ruined when Avast acquired them. This product is now tainted goods and not worth a 10th of whatever Avast paid for it. Note: Immunet now uses Morphisec and Talos... IMO it is very possible Avast could face litigation from this.

Software Has a Serious Supply-Chain Security Problem
CCleaner app had been installed 2.27 million times from when the software was first sabotaged in August until last week. (not including the Agomo/CCleaner Cloud Subscribers and businesses subscribers who were also hit)

Avast cryptographically signs installations and updates for CCleaner. The hackers had apparently infiltrated Avast's software development or distribution process before that signature occurred, so that the antivirus firm was essentially putting its stamp of approval on malware, and pushing it out to consumers.
 
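The point in the article quoted above, that a signature applied after the build was tampered with vouches for the tampered file, shown as an added example that is not part of the original post or the quoted article. Assumptions: HMAC stands in for the vendor's code signature, `build()` is a toy deterministic build, the rebuild comparison is a check introduced here, and all names and sample bytes are constructed.

```python
import hashlib
import hmac

SIGNING_KEY = b"constructed-demo-key"  # stand-in for a vendor code-signing key


def build(source: bytes) -> bytes:
    """Toy deterministic build: identical source always yields identical bytes."""
    return b"BIN1" + hashlib.sha256(source).digest() + source


def sign(artifact: bytes) -> bytes:
    """HMAC stands in for the vendor's signature (assumption of this example)."""
    return hmac.new(SIGNING_KEY, artifact, hashlib.sha256).digest()


def release(source: bytes, tamper=None):
    """Vendor pipeline: build, optional pre-signing tampering, then sign."""
    artifact = build(source)
    if tamper is not None:
        artifact = tamper(artifact)  # compromise happens before signing
    return artifact, sign(artifact)


def assess(artifact: bytes, signature: bytes, reviewed_source: bytes) -> str:
    """Check the signature, then compare against an independent rebuild."""
    if not hmac.compare_digest(sign(artifact), signature):
        return "reject: signature invalid"
    rebuilt = build(reviewed_source)
    if hashlib.sha256(artifact).digest() != hashlib.sha256(rebuilt).digest():
        return "reject: validly signed but differs from independent rebuild"
    return "accept"


def implant(artifact: bytes) -> bytes:
    """Constructed, inert marker standing in for injected code."""
    return artifact + b"<constructed-marker>"


def demo():
    src = b"int main(void) { return 0; }"  # constructed sample source
    clean = assess(*release(src), src)
    pre_sign = assess(*release(src, tamper=implant), src)
    artifact, sig = release(src)
    post_sign = assess(implant(artifact), sig, src)
    return clean, pre_sign, post_sign


if __name__ == "__main__":
    for label, verdict in zip(("clean", "pre-sign tamper", "post-sign tamper"), demo()):
        print(f"{label}: {verdict}")
```

Only the post-signing modification fails the signature check; the pre-signing one carries a valid signature and is caught solely by the rebuild comparison.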

Solarquest

Last day I installed Kaspersky Free for a try. After updating it I did run a full system and the AV didn't flag any files as malware. Since I uninstalled Kaspersky and switched back to BD Free I cannot do a scan again.

Since I have the problematic Ccleaner533.exe I now analysed it through VirusTotal and the result is shocking indeed:

VirusTotal

I just checked my PC, I have it but luckily the 64 bit one... I'm scanning now :mad:...
Incredible that Avast still doesn't detect it on VT!... on 19 September!
 

Andrew999

I hope I am ok and didn't get infected. I can't remember which version I downloaded. I remember it asked me in the program one time to download an update which actually downloaded through the program without having to go to file hippo etc. I hope it wasn't the infected version. I am running Sophos Home Beta and Zemana Anti Malware Premium and I ran a scan and all is fine. I also have a 64x system so I hope it installed the 64bit version of CCleaner Free which I heard is safe.
 


tonibalas

Well when this poll reflects the general opinion, this blooper flushed half of the sum of money Avast paid for Piriform down the drain.

CFO of Avast can write off half of the Piriform Investment.
I totally agree on that.
As for CCleaner and other 3rd party cleaners, I have stopped using them for some time now.
I use the Windows built-in Disk cleaner, which does a good job, even if not as fast as the others, but at least I am on the safe side of not doing any harm to my system.

As for the poll, I would say that I still trust them, but I would stay away from them for a while just to be safe.
I don't see why I shouldn't trust them.
Many security products have been hacked before but people still trust them and of course they are using them.
So why not the same with CCleaner?
 

TairikuOkami

I recall CCleaner trying to connect out about a week ago, I have checking for updates disabled, so it seems that blocking outbound connections for trusted software is not such a bad idea after all, especially since even trusted apps, with a valid digital signature, can not be trusted anymore. :(
 
