September 27, 2017

CCleaner Hacked With Malware: More Than 2 Million Users Possibly At Risk

Cisco Talos has discovered that CCleaner, one of PCWorld’s recommendations for the best free software for new PCs, may be putting 2 million users at risk.

About the CCleaner Malware

Cisco Talos found that a malicious bit of code was recently injected by hackers, possibly affecting more than 2 million users who downloaded the latest update. The free versions of CCleaner 5.33 and CCleaner Cloud 1.07.3191 contained “a malicious payload that featured a Domain Generation Algorithm as well as hardcoded Command and Control functionality.”

Cisco Talos suspects that the hackers “compromised a portion of (CCleaner’s) development or build environment and leveraged that access to insert malware into the CCleaner build that was released and hosted by the organization.” It is suspected that the hackers planned to use the malware for industrial espionage.

“Rogue Server” Taken Down, According to VP

Vice President of CCleaner, Paul Yung, has stated that the organization had taken the appropriate action before Cisco Talos notified them of the attack. Yung further states that the attack was limited to the versions of CCleaner and CCleaner Cloud that run on 32-bit Windows systems. Fortunately, the majority of modern PCs are likely to run the 64-bit version. According to Yung, the attack has been resolved and the “rogue server” has since been taken down. The company has updated all CCleaner users to the latest version of the software. It has made the latest version available on its website and has removed the infected version from its servers.

What To Do If You’re a CCleaner User

Personal users can download CCleaner 5.34 to make sure they have the latest version. It is also recommended to perform an antivirus scan on your computer. Should your computer be affected by the malware, Cisco Talos recommends using a backup to restore your computer to a state prior to August 15, 2017, which is when the infected version was released.

If you believe your personal computer was affected by the malware, contact us today at 514-855-1223. With ransomware on the rise, it is important to protect yourself. We can help you!