All you wanted was a faster computer. You thought that by downloading CCleaner, a popular and free app for optimizing PC performance, you’d sweep out those digital cobwebs and be zipping around your trusty Windows machine at lightning speeds in no time.
But then CCleaner was compromised by hackers, and you learned that by installing it, you may have actually loaded malware onto your computer.
Thankfully for you, it’s easy to find out if your PC is potentially one of the likely millions affected by this breach. Also falling squarely in the “good news” category is the fact that if your device was infected, you can clean it right up. However, sorry to say, it’s going to be a pain. Oh, and some damage may have already been done.
Checking your computer
First things first: How to determine if you’re at risk? According to Cisco Talos, the cybersecurity team that discovered CCleaner was compromised, the malicious payload was delivered between August 15, 2017 and September 12, 2017. So if during that window of time you moseyed on over to Piriform’s (the company that makes CCleaner) website and downloaded the software, you’re probably in trouble.
Also, if you updated your CCleaner software during that almost month-long block of time, things are not looking good. Piriform issued a statement saying that versions 5.33.6162 and 1.07.3191 were impacted, so updating to either of those would have put you at risk.
To see what version of the software you’re running, open it up and look in the upper-left corner. The version number will display, and if it’s not one of the two listed above you’ve likely been spared. If it is one of the two listed, you’re out of luck.
What to do next
Regardless of what version you’re running, you should make sure your CCleaner is currently up to date.
“Users of our cloud version have received an automated update,” the company said in its statement. “For all other users, if you have not already done so, we encourage you to update your CCleaner software to version 5.34 or higher, the latest version is available for download here.”
However, if you want to be extra sure the malware isn’t hiding out on your computer, Cisco Talos suggests taking things a step further.
“Affected systems need to be restored to a state before August 15, 2017 or reinstalled,” the company explains in a blog post. “Users should also update to the latest available version of CCleaner to avoid infection.”
That’s right: you need to restore your computer to a point over a month ago. And then, of course, double check to make sure that your CCleaner is up to date.
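The version and date checks above, applied to a whole software inventory rather than one PC, as an added example that is not part of the original article or any vendor tool. The inventory rows and the function names are assumptions made for the illustration; the affected versions, the date window and the 5.34 threshold are the ones quoted in the article.

```python
from datetime import date

# Values stated in the article (Piriform statement and Cisco Talos).
AFFECTED = {"ccleaner": (5, 33, 6162), "ccleaner cloud": (1, 7, 3191)}
WINDOW = (date(2017, 8, 15), date(2017, 9, 12))
FIXED_CCLEANER = (5, 34)  # "version 5.34 or higher"

def parse_version(text):
    """'v5.33.6162' -> (5, 33, 6162); None when the string is not numeric."""
    try:
        return tuple(int(part) for part in text.strip().lstrip("vV").split("."))
    except (ValueError, AttributeError):
        return None

def triage(product, version, installed_on=None):
    """Classify one inventory row as affected, suspect, outdated, ok or unknown."""
    name = product.strip().lower()
    ver, bad = parse_version(version), AFFECTED.get(name)
    if ver is None or bad is None:
        return "unknown"   # read the version in the application by hand
    if ver == bad:
        return "affected"  # restore to before 2017-08-15 or reinstall, then update
    in_window = installed_on is not None and WINDOW[0] <= installed_on <= WINDOW[1]
    # A truncated version such as "5.33" cannot rule out the compromised build,
    # and an install or update inside the window may have pulled it in.
    if ver == bad[:len(ver)] or in_window:
        return "suspect"   # confirm which build ran during the window
    if name == "ccleaner" and ver < FIXED_CCLEANER:
        return "outdated"  # update to 5.34 or higher
    return "ok"

# Constructed sample inventory: hostnames, dates and the non-affected
# version numbers are made up for this example.
INVENTORY = [
    ("pc-01", "CCleaner", "v5.33.6162", date(2017, 8, 20)),
    ("pc-02", "CCleaner", "5.34.1000", date(2017, 9, 1)),
    ("pc-03", "CCleaner", "5.32.1000", date(2017, 7, 2)),
    ("pc-04", "CCleaner Cloud", "1.07.3191", None),
    ("pc-05", "CCleaner", "5.35.1000", date(2017, 10, 3)),
]

def triage_inventory(rows):
    """Map hostname -> status for every row in the inventory."""
    return {host: triage(prod, ver, when) for host, prod, ver, when in rows}

if __name__ == "__main__":
    for host, status in triage_inventory(INVENTORY).items():
        print(f"{host}: {status}")
```

Note that pc-02 is flagged even though it now runs a fixed version: it was installed or updated inside the window, so an update alone does not show which build ran during that time.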
How bad is this breach?
How scared you should be about this malware all depends on who you ask. Piriform, perhaps unsurprisingly, says everything is taken care of and you can just update and chill.
“Before delving into the technical details, let me say that the threat has now been resolved in the sense that the rogue server is down, other potential servers are out of the control of the attacker, and we’re moving all existing CCleaner v5.33.6162 users to the latest version,” VP of Products Paul Yung wrote in a company release. “Users of CCleaner Cloud version 1.07.3191 have received an automatic update. In other words, to the best of our knowledge, we were able to disarm the threat before it was able to do any harm.”
But wait, it may not be all good.
“The impact of this attack could be severe given the extremely high number of systems possibly affected,” explained Talos. “CCleaner claims to have over 2 billion downloads worldwide as of November 2016 and is reportedly adding new users at a rate of 5 million a week. If even a small fraction of those systems were compromised an attacker could use them for any number of malicious purposes.”
In short, check if your version was compromised, restore and update as necessary, and hope for the best. Oh, and while you’re in the process of updating, maybe reconsider installing third-party software like CCleaner in the first place.