September 19th 2017
CCleaner* users are warned to immediately install the latest version of the software and perform a system scan. The tool, used by millions to keep their Windows PCs running smoothly, has been the subject of a malware infection which compromises the security of the machines it is installed on. The tool is described by its supplier as “the number-one tool for cleaning your PC”.
The hack – which was discovered by Cisco’s Talos Intelligence research team on September 12th – was caused by supplier Piriform’s download servers being compromised sometime between August 15th and the date it was uncovered. The Trojan that was loaded into the download package sent what the company calls “non-sensitive data” from infected PCs back to a server located in the US. This includes computer name, IP address, list of installed software and lists of active software and network adapters.
According to Piriform, which has recently been acquired by security firm Avast, 2.27 million Windows PCs were affected. It believes the 32-bit Windows version 5.33.6162 of CCleaner and version 1.07.3191 of CCleaner Cloud were modified illicitly before their release to users. In a blog post, it added: “We believe that these users are safe now as our investigation indicates we were able to disarm the threat before it was able to do any harm” (the hacker’s command and control server has been taken down, which Piriform hopes has prevented the infection being used to inflict further damage).
Any machine using the 32-bit Windows version of CCleaner may have been compromised. However, the free version of the tool does not feature automatic updates, so machines loaded with this version appear to be substantially more at risk. Nonetheless, all users should update straight away.
Piriform has apologised for the situation and offers the following advice:
– All users should update CCleaner to version 5.34 or higher. The newest version can be downloaded here.
Get Safe Online’s advice
– As well as upgrading to the latest version, use your up-to-date security software to perform a full security scan on your Windows PC if it has been loaded with CCleaner.
General advice on downloading software and updates:
– Where possible, set software and operating systems to update automatically.
– Get the best version of software – including security software – that you can afford.
– Always use the genuine app stores when downloading new apps.
– If you receive update notifications out of the blue, first check that you do indeed have the software/app loaded, then go to the supplier’s official website to check directly for the latest updates.
– Be wary of pop-ups informing you that your PC or other device is infected with malware, and offering a remedy. These are often fraudulent and if clicked on, lead to malware infections, sometimes also charging you.
– Use only well-known, reputable internet security and computer clean-up software. If you are not sure, check reviews or speak to a reputable retailer or someone you trust that has computer knowledge.
Tony Neate, CEO of Get Safe Online, says: “It’s ironic that a tool which is trusted by millions to perform good routine housekeeping on their Windows PCs – including helping to protect their privacy – could now be planting illicit software on their machines which compromises it.
“In this particular case, it would be difficult for a user to detect that they had downloaded a version of the manufacturer’s own software that was infected. However, it does reinforce our advice about setting up automatic updates for all your software and operating systems, and having the best security that you can afford in order to avoid problems.”
*CCleaner is a software tool designed to optimise Windows PCs by removing extraneous software and browser data. Both free and paid-for versions claim to speed up computers and provide privacy protection, whilst paid versions also feature real-time monitoring, scheduling, automatic updates and enhanced support.
CCleaner Cloud is the online version of the tool, which Piriform says has already been updated to eliminate the malware.