- Joined
- Aug 29, 2001
- Messages
- 41,825
- Reaction score
- 12,523
Not sure if you guys have heard about this, see it on HUKD
It looks like the software has been hacked with around 2 million people compromised.
The hack has targeted two versions of CCleaner that were released in August.
"For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner," researchers explained. "On September 13, 2017, Cisco Talos immediately notified Avast of our findings so that they could initiate appropriate response activities.
We estimate that 2.27 million users had the v5.33.6162 software, and 5,010 users had the v1.07.3191 of CCleaner Cloud installed on 32-bit Windows machines. We believe that these users are safe now as our investigation indicates we were able to disarm the threat before it was able to do any harm.
There is no indication or evidence that any additional malware has been delivered through the backdoor. In the case of CCleaner Cloud, the software was automatically updated. For users of the desktop version of CCleaner, we encourage them to download and install the latest version of the software.
Given the presence of this compilation artifact as well as the fact that the binary was digitally signed using a valid certificate issued to the software developer, it is likely that an external attacker compromised a portion of their development or build environment and leveraged that access to insert malware into the CCleaner build that was released and hosted by the organisation. It is also possible that an insider with access to either the development or build environments within the organisation intentionally included the malicious code or could have had an account (or similar) compromised which allowed an attacker to include the code."
Clean versions of CCleaner (12th September) and CCleaner Cloud (15th September) have now been released.
Hackers compromised free CCleaner software, Avast's Piriform says
It looks like the software has been hacked with around 2 million people compromised.
The hack has targeted two versions of CCleaner that were released in August.
- CCleaner v5.33.6162
- CCleaner Cloud v1.07.3191
"For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner," researchers explained. "On September 13, 2017, Cisco Talos immediately notified Avast of our findings so that they could initiate appropriate response activities.
We estimate that 2.27 million users had the v5.33.6162 software, and 5,010 users had the v1.07.3191 of CCleaner Cloud installed on 32-bit Windows machines. We believe that these users are safe now as our investigation indicates we were able to disarm the threat before it was able to do any harm.
There is no indication or evidence that any additional malware has been delivered through the backdoor. In the case of CCleaner Cloud, the software was automatically updated. For users of the desktop version of CCleaner, we encourage them to download and install the latest version of the software.
Given the presence of this compilation artifact as well as the fact that the binary was digitally signed using a valid certificate issued to the software developer, it is likely that an external attacker compromised a portion of their development or build environment and leveraged that access to insert malware into the CCleaner build that was released and hosted by the organisation. It is also possible that an insider with access to either the development or build environments within the organisation intentionally included the malicious code or could have had an account (or similar) compromised which allowed an attacker to include the code."
Clean versions of CCleaner (12th September) and CCleaner Cloud (15th September) have now been released.
Hackers compromised free CCleaner software, Avast's Piriform says