CCleaner for Windows hacked – backdoor infects 2.3 million devices


Cybersecurity researchers recently discovered that legitimate, signed copies of CCleaner for Windows 5.33 and CCleaner Cloud 1.07 had been infected with a multi-stage malware payload. The infected software was distributed by CCleaner’s parent company, Avast Antivirus.

According to Avast, approximately 2.27 million users are running an infected version of their CCleaner software. More users could be infected, as CCleaner sees five million additional users per week, with total downloads north of two billion since November 2016.

Cybersecurity researchers learned that the first instances of abnormal CCleaner behavior happened with the previous version (5.33), which was made available to the public on 15th August 2017. The researchers notified Avast of the breach on the day it was discovered (13th September). The malicious copy of the program was certified and signed merely 15 minutes after the original, uninfected version was available to the public.

The hidden malware payload was designed to send encrypted information from the victim’s computer to the hackers’ servers. As multi-stage malware, the infected software also serves as a backdoor for the hackers to conduct other, deadlier attacks. You can read up on the malware’s technical details from the cybersecurity researchers who discovered the threat – Cisco Talos.

Users of CCleaner for Windows are advised by Piriform Ltd, Avast’s CCleaner subsidiary, to uninstall CCleaner version 5.33. The latest, hopefully uncompromised, version of CCleaner is version 5.34.

Source: Cisco Talos (blog), Forbes