Hackers compromised free CCleaner software, Avast's Piriform says

Joann Johnston
September 20, 2017

It was shocking to read that the malware had gone undetected for almost a monthand, to date, it is estimated that close to two million users have installed the compromised software.

Piriform said that it had contacted law enforcement about the matter, adding: "At this stage, we don't want to speculate how the unauthorized code appeared in the CCleaner software, where the attack originated from, how long it was being prepared and who stood behind it".

The CEO and CTO said that by updating its users about the situation, only 730,000 users are still using the affected version - and that while these users are not at risk anymore because the malware has been disabled, they should upgrade to the latest version, and will be prompted to do so by Avast via a notification. Piriform said in a blog post today that a "rogue server" configured to receive stolen data has been shut down and that "other potential servers are out of the control of the attacker".

Avast admitted that the compromised version of CCleaner was released on 15 August and went undetected by any security company for four weeks. Security researchers at Cisco Systems Inc. and Morphisec Ltd. informed Avast Software, Piriform's parent company about the breach.

CCleaner is the main product made by London's Piriform, which was bought in July by Prague-based Avast, one of the world's largest computer security vendors. As of today, the malware is only detected by very few - just one out of 64 - antivirus programs, according to the researchers.

The research team noted that the CCleaner malware abused legitimate software much in the same way as the Petya/Nyetya/NotPetya attack did in June.

'There is nothing a user could have noticed, ' said Williams.

Time to Reconsider Aerie Pharmaceuticals Inc (AERI) After Making 52-Week High?
It has outperformed by 163.50% the S&P500.The move comes after 8 months positive chart setup for the $2.09 billion company. Deutsche Bancorporation Ag holds 0.02% of its portfolio in Aerie Pharmaceuticals Inc (NASDAQ:AERI) for 758,142 shares.

Equifax breach leads to CIO and CSO out
But it came down to a flaw in a tool created to build web applications, the company said in a press release this week. Equifax CEO Richard Smith is due to testify in front of Congress in just a few weeks at the beginning of October.

Caterpillar, Inc. (CAT) Hits a New 52-Week High
Berenberg initiated Hershey Co (NYSE:HSY) rating on Thursday, January 5. (NYSE: CAT ), 11 have Buy rating, 4 Sell and 13 Hold. Caterpillar Inc. (CAT ) belonging to the Industrials sector has surged 2.03% and closed its last trading session at $123.83.

Users who have downloaded the software recently are urged to uninstall and reinstall it - as it won't update by itself.

Craig Williams, researcher at Talos called this a sophisticated attack.

CCleaner's software, which is frequently-recommended, is used for cleaning up a PC and making it run faster.

AVAST, the anti-virus firm that owns CCleaner, has played down Cisco Talos' involvement in uncovering the recent compromise of its app as well as the number of users affected. "It might be sensible to roll-back your computer to a backup created before you installed that poisoned version of CCleaner".

Researchers discovered "backdoor code" that could have given hackers remote access to a compromised computer.

Yung said Piriform is taking detailed steps internally so that this doesn't happen again.

At this stage, it's unclear what the hackers actually planned to do with this attack.

Other reports by

Discuss This Article