CCleaner is a clean-your-computer app beloved of people who own inexplicably slow PCs. If you installed recent editions of it, you were installing malware. But the company behind it hasn’t gone rogue, reports Reuters. Hackers compromised their systems.
A version of CCleaner downloaded in August included remote administration tools that tried to connect to several unregistered web pages, presumably to download additional unauthorized programs, security researchers at Cisco’s (CSCO.O) Talos unit said.
Talos researcher Craig Williams said it was a sophisticated attack because it penetrated an established and trusted supplier in a manner similar to June’s “NotPetya” attack on companies that downloaded infected Ukrainian accounting software.
“There is nothing a user could have noticed,” Williams said, noting that the optimization software had a proper digital certificate, which means that other computers automatically trust the program.
The infected version is 5.33, and you likely have it if you installed the Windows version of CCleaner between August 15 and September 13. That’s 2.3 million installs, admits Avast.
CCleaner’s owner, Avast-owned Piriform, has sought to ease concerns. Paul Yung, vice president of product at Piriform, wrote in a post Monday: “Based on further analysis, we found that the 5.33.6162 version of CCleaner and the 1.07.3191 version of CCleaner Cloud was illegally modified before it was released to the public, and we started an investigation process.
“The threat has now been resolved in the sense that the rogue server is down, other potential servers are out of the control of the attacker.
“Users of CCleaner Cloud version 1.07.3191 have received an automatic update. In other words, to the best of our knowledge, we were able to disarm the threat before it was able to do any harm.”
Previously: Hacker Stock Art