CCleaner software infected, 2.27 million people have been affected

19 Sep 2017 | By Anish Chakraborty
CCleaner software was compromised by hackers

Several of us use Avast-owned CCleaner on phones and PCs to optimize performance.

However, if you're using CCleaner v5.33.6162 and/or CCleaner Cloud v1.07.3191, it's advisable that you uninstall the software because it has been infected by hackers.

Reportedly, around 2.27 million people have been affected by this infected software. Users still running these versions have been asked to update.

Here's more.

Piriform: What is it all about?

Maintenance and file clean-up software CCleaner is run by Piriform, a subsidiary of anti-virus giant Avast, and is downloadable for free.

Researchers at Cisco Talos discovered on September 13 that the software had been infected, while they were conducting customer beta testing of the firm's latest exploit detection technology.

A "specific executable" was flagged by their advanced malware protection systems.

Cisco Talos: How was it discovered?

On inspection, Cisco Talos found that the program in question was the installer for CCleaner v5.33, which was downloaded from legitimate CCleaner download servers.

After scrutiny, Talos discovered that although the software carried Piriform's valid signature, CCleaner was not the only application that came with the download.

Hackers had placed a malicious payload directly on CCleaner's download server on September 11, 2017.

Infection: The time frame of the infection

The Cisco Talos researchers said that the affected version (5.33) was released on August 15, 2017. Piriform released an unaffected version, 5.34, on September 12, 2017.

So, the infected software spread to users between August 15 and September 12.

The infected software had a backdoor that sent encrypted information from the corrupted computer to the hackers' server.

DGA: Is it still spreading?

Hackers made use of a domain generation algorithm (DGA) to ensure that when their servers went down, new domains would be created to receive the stolen data.

After this revelation, Piriform issued a statement saying that Piriform CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 had been compromised and that only users of the 32-bit version were affected. The hackers' server has been shut down.
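For administrators who need to find hosts that ran the affected builds, the following added example (not from Piriform, Avast or Cisco Talos) triages a software inventory against the two versions named above. The CSV layout, host names and the `review` status are assumptions made for illustration; the sample rows are constructed.

```python
import csv
import io

# Affected builds exactly as named in the article.
AFFECTED = {("ccleaner", (5, 33, 6162)), ("ccleaner cloud", (1, 7, 3191))}
PRODUCTS = {name for name, _ in AFFECTED}
RANK = {"clear": 0, "review": 1, "affected": 2}

def parse_version(text):
    """'v5.33.6162' or '1.07.3191' -> tuple of ints; None if unparseable."""
    parts = text.strip().lstrip("vV").split(".")
    try:
        return tuple(int(p) for p in parts)
    except ValueError:
        return None

def triage_row(row):
    product = row["product"].strip().lower()
    if product not in PRODUCTS:
        return "clear"
    version = parse_version(row["version"])
    if version is None:
        return "review"  # product present but build unknown
    if (product, version) not in AFFECTED:
        return "clear"
    # The article says only the 32-bit version was affected; any other or
    # missing architecture is left for manual review rather than cleared.
    return "affected" if row["arch"].strip().lower() == "x86" else "review"

def triage_inventory(csv_text):
    """Return {host: worst status seen across that host's rows}."""
    worst = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        status = triage_row(row)
        if RANK[status] >= RANK[worst.get(row["host"], "clear")]:
            worst[row["host"]] = status
    return worst

# Constructed sample inventory (hypothetical hosts and column names).
SAMPLE = """host,product,version,arch
ws-01,CCleaner,v5.33.6162,x86
ws-02,CCleaner,5.33.6162,x64
ws-03,CCleaner,5.34,x86
ws-03,CCleaner Cloud,1.07.3191,x86
ws-04,CCleaner,,x86
ws-05,ExampleApp,1.0,x64
"""

if __name__ == "__main__":
    for host, status in sorted(triage_inventory(SAMPLE).items()):
        print(host, status)
```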

Compromise: What did the firm say?

Piriform, which was recently acquired by Avast, is one of the world's largest computer security vendors. The firm said that these versions may have been used by only 3% of its users.

The infection or "compromise," as the firm termed it, could have caused the transmission of "computer name, IP address, list of installed software, list of active software, list of network adapters."