Hackers compromised free CCleaner software, Avast's Piriform says

Joann Johnston
September 20, 2017

It was shocking to read that the malware had gone undetected for almost a month and, to date, it is estimated that close to two million users have installed the compromised software.

Piriform said that it had contacted law enforcement about the matter, adding: "At this stage, we don't want to speculate how the unauthorized code appeared in the CCleaner software, where the attack originated from, how long it was being prepared and who stood behind it".

The CEO and CTO said that, after the company updated its users about the situation, only 730,000 users are still using the affected version. While these users are no longer at risk because the malware has been disabled, they should upgrade to the latest version, and Avast will prompt them to do so via a notification. Piriform said in a blog post today that a "rogue server" configured to receive stolen data has been shut down and that "other potential servers are out of the control of the attacker".

Avast admitted that the compromised version of CCleaner was released on 15 August and went undetected by any security company for four weeks. Security researchers at Cisco Systems Inc. and Morphisec Ltd. informed Avast Software, Piriform's parent company, about the breach.

CCleaner is the main product made by London's Piriform, which was bought in July by Prague-based Avast, one of the world's largest computer security vendors. As of today, the malware is only detected by very few - just one out of 64 - antivirus programs, according to the researchers.

The research team noted that the CCleaner malware abused legitimate software much in the same way as the Petya/Nyetya/NotPetya attack did in June.

'There is nothing a user could have noticed,' said Williams.

Users who have downloaded the software recently are urged to uninstall and reinstall it - as it won't update by itself.

Craig Williams, a researcher at Talos, called this a sophisticated attack.

CCleaner's software, which is frequently recommended, is used for cleaning up a PC and making it run faster.

AVAST, the anti-virus firm that owns CCleaner, has played down Cisco Talos' involvement in uncovering the recent compromise of its app as well as the number of users affected. "It might be sensible to roll-back your computer to a backup created before you installed that poisoned version of CCleaner".

Researchers discovered "backdoor code" that could have given hackers remote access to a compromised computer.

Yung said Piriform is taking detailed steps internally so that this doesn't happen again.

At this stage, it's unclear what the hackers actually planned to do with this attack.
