CCleaner Compromised by Hackers - Update Immediately

John Lister's picture

Users of the popular CCleaner optimization software have been urged to immediately update the program. The software was recently compromised by hackers for almost a month, though it does not yet appear they did any damage.

The warning to update is particularly important because CCleaner doesn't automatically update - though it does tell users when a new version is ready. The compromised versions were the 32-bit editions of CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191. Users who currently have these versions should uninstall them immediately, then get the latest copy from the website of manufacturers Piriform. If you own an older version of CCleaner, it is not affected.
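For anyone checking more than one machine, the version test above can be run over a software inventory. This is an added example, not part of the original article or any Piriform tooling; it assumes a CSV export with hypothetical columns host, product, version and arch, and the sample rows are constructed.

```python
import csv
import io

# Affected builds exactly as named in the article (32-bit editions only).
AFFECTED = {"ccleaner": "5.33.6162", "ccleaner cloud": "1.07.3191"}
ARCH_32 = {"x86", "32", "32-bit", "32bit"}
ARCH_64 = {"x64", "64", "64-bit", "64bit", "amd64"}
RANK = {"ok": 0, "review": 1, "affected": 2}

# Constructed sample inventory; hosts, columns and other versions are made up.
SAMPLE_INVENTORY = """host,product,version,arch
ws-001,CCleaner,v5.33.6162,x86
ws-002,CCleaner,5.33.6162,x64
ws-003,CCleaner Cloud,1.07.3191,32-bit
ws-004,CCleaner,5.20.1000,x86
ws-005,ccleaner,V5.33.6162 ,
ws-006,Example App,1.0.0,x86
"""


def normalise_version(raw):
    """Strip whitespace and a leading 'v' so 'v5.33.6162' equals '5.33.6162'."""
    return raw.strip().lower().lstrip("v")


def triage(inventory_csv):
    """Return {host: verdict}; verdict is 'affected', 'review' or 'ok'."""
    verdicts = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        product = row["product"].strip().lower()
        arch = (row["arch"] or "").strip().lower()
        if AFFECTED.get(product) != normalise_version(row["version"]):
            verdict = "ok"
        elif arch in ARCH_32:
            verdict = "affected"
        elif arch in ARCH_64:
            verdict = "ok"
        else:
            # Architecture missing or unrecognised: do not clear the host.
            verdict = "review"
        # A host can list several products; keep its worst verdict.
        if RANK[verdict] >= RANK.get(verdicts.get(row["host"]), -1):
            verdicts[row["host"]] = verdict
    return verdicts


if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {verdict}")
```

Hosts reported as "review" have a matching version but no usable architecture field, so they should be checked by hand rather than treated as clean.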

Software Compromised At Source?

It's reported that hackers gained access to one of the computers used to compile CCleaner (from programming code to Windows executable), rather than hacking the site used to distribute the software. That meant compromised versions appeared genuine and didn't trigger security alerts such as those in Windows that aim to catch bogus software before it can run.

Piriform says the compromised editions were released on August 15 and August 24 and an estimated 2.27 million people used these editions. It discovered the problem on September 12 and released a new version of CCleaner the same day, plus a new version of CCleaner Cloud three days later. (Source: piriform.com)

According to Piriform, the rogue version of the software had the ability to send the following details about the user's computer to a third party:

  • Network name
  • IP address
  • List of installed software
  • List of software that was actively running
  • List of network adapters

No Sign Of Malware Attack

Security researchers at Cisco say the modifications to the rogue editions included the ability to download and install further software, but there's no evidence this was used. Piriform's parent company Avast (makers of Avast! antivirus) says it scanned computers that had both Avast security software and CCleaner and found no sign of malware. (Source: forbes.com)

The most likely explanation was that the hackers wanted to use the data gathered from computers to put together a targeted list to do maximum damage with malware, but were cut off before they could proceed to the next stage of the attack.

What's Your Opinion?

Do you use CCleaner? Has this incident damaged your trust in the company? Are you happy it has done enough to both tackle the threat and keep users informed?


Comments

doulosg's picture

I haven't used CCleaner since Windows XP. As my Win10 system calcifies I might be looking at a cleanup utility in the near future. This situation may steer me away from CCleaner/Piriform, but so will the knowledge that they are associated with Avast. Avast seems to have a decent product, but it hogs my phone's CPU. It also seems to close good programs that I have running, without telling me. The ad-supported version displays ads - usually for other Avast products - in a way that makes the ads look like parts of the program. I understand the point of ad-support, but not to the point of tricking users into buying the advertised products.

anniew's picture

I run CCleaner every night and have trusted it to clean up what Chrome and Firefox leave behind. Even though both of those browsers are marked to clean up history, etc. from each use, they leave a lot that CCleaner finds. This development makes me uneasy since I use Avast also, but both have performed well up to now. The good news is that the problem was apparently discovered before harm could be done, we hope!!

ecash's picture

I've used this and a few others to clean systems..
I WILL be watching how Avast keeps it up, or until they start charging for it..

It's a program that CLEANS sections you want cleaned..
It's easy on the registry, which means it SHOULD NOT destroy it..

But it's interesting that a few people are mentioning that IT COULD have been internal. That someone inserted it after it changed hands..

Any company that BUYS a program and does not OPEN IT, and examine everything, upon purchase is KINDA STUPID...but even if they DID, something had to be inserted...BUT where and HOW...is the big question..

And if the security of this program is a problem...IT WON'T LAST LONG..

sytruck_8413's picture

I've used CCleaner for years. Just deleted everything using another fav Revo Uninstaller. Two machines it found leftover stuff, two it didn't.

bettystaton_9902's picture

I had not heard of the problem until Tues. morning when Malwarebytes (Premium), daily auto scan, picked it up – marked as: Trojan.Floxif.

I have used CCleaner for years and never had a problem with security issues with it so was surprised to see it listed. I decided on the quarantine option and after reading your article am happy I did.

I downloaded the latest version and will continue to use it unless it continues to pop up in a security scan.

Betty

alantcus_5318's picture

Had experience similar to bettystaton_9902. Malware Protection turned off without explanation. When I submitted a ticket to Malwarebytes and got it working again, Threat scan revealed Trojan.Floxif in CCsetup533.exe, quarantined it and removed it on reboot. I have used the free version of CCleaner for years on both Windows 7 and iMac systems without incident. Hope this is a one-time incident.

anniew's picture

After my initial comment, I read several articles, ran Malwarebytes, and it found 2 traces of the trojan. (I already had version 35, the updated CCleaner.) I clicked remove, ran Malwarebytes again and nothing was found. BUT now I'm wondering if something was done to the registry that I don't know about? Anyone else found that more needed to be done?