Hackers compromised free CCleaner software, Avast's Piriform says

Joann Johnston
September 20, 2017

It was shocking to read that the malware had gone undetected for almost a month and, to date, it is estimated that close to two million users have installed the compromised software.

Piriform said that it had contacted law enforcement about the matter, adding: "At this stage, we don't want to speculate how the unauthorized code appeared in the CCleaner software, where the attack originated from, how long it was being prepared and who stood behind it".

The CEO and CTO said that by updating its users about the situation, only 730,000 users are still using the affected version. While these users are no longer at risk because the malware has been disabled, they should upgrade to the latest version, and will be prompted to do so by Avast via a notification. Piriform said in a blog post today that a "rogue server" configured to receive stolen data has been shut down and that "other potential servers are out of the control of the attacker".

Avast admitted that the compromised version of CCleaner was released on 15 August and went undetected by any security company for four weeks. Security researchers at Cisco Systems Inc. and Morphisec Ltd. informed Avast Software, Piriform's parent company, about the breach.

CCleaner is the main product made by London's Piriform, which was bought in July by Prague-based Avast, one of the world's largest computer security vendors. As of today, the malware is only detected by very few - just one out of 64 - antivirus programs, according to the researchers.

The research team noted that the CCleaner malware abused legitimate software much in the same way as the Petya/Nyetya/NotPetya attack did in June.

'There is nothing a user could have noticed,' said Williams.

Users who have downloaded the software recently are urged to uninstall and reinstall it - as it won't update by itself.

Craig Williams, a researcher at Talos, called this a sophisticated attack.

CCleaner's software, which is frequently recommended, is used for cleaning up a PC and making it run faster.

AVAST, the anti-virus firm that owns CCleaner, has played down Cisco Talos' involvement in uncovering the recent compromise of its app as well as the number of users affected. "It might be sensible to roll back your computer to a backup created before you installed that poisoned version of CCleaner".

Researchers discovered "backdoor code" that could have given hackers remote access to a compromised computer.

Yung said Piriform is taking detailed steps internally so that this doesn't happen again.

At this stage, it's unclear what the hackers actually planned to do with this attack.
