CCleaner gets hit by a nasty malware infection

Popular system maintenance tool CCleaner has been compromised by a serious malware infection, which is a particularly embarrassing incident given that the app was bought up by antivirus giant Avast back in the summer.

According to security outfit Cisco Talos, if you downloaded CCleaner version 5.33 from Avast (or used CCleaner Cloud version 1.07.3191), then it was blighted with a multi-stage malware payload.

  • Fortunately, the Surface Pro 4 has fine alternative solutions built-in

The security firm speculates that an external attacker compromised the program’s development or build environment to insert the malware, or it could have been an insider doing the same.

The malicious code in question is a two-stage backdoor which hooks up to a command and control server, capable of running code transmitted from a remote PC with obvious potential for various nastiness. Another worrying point was that this infection apparently went undetected by the vast majority of antivirus software.

Threat resolved

The good news is that the infected version of the software has already been pulled down, and according to Piriform, the developer of CCleaner: “The threat has now been resolved in the sense that the rogue server is down, other potential servers are out of the control of the attacker, and we’re moving all existing CCleaner v5.33.6162 users to the latest version.”

Those using the cloud version of CCleaner have already received an automatic update to remove the exploit, and Piriform claims that “we were able to disarm the threat before it was able to do any harm”.

According to Avast, 2.27 million people used the affected software - those running v5.33.6162 on the 32-bit version of Windows. The number of users with v5.33.6162 is now down to 730,000. Avast reiterated that it believes all users are safe as the threat has been disarmed.

An investigation into how the code was inserted into the program is underway, Piriform says, and Avast is unsurprisingly involved in trying to work out what has gone on here.

Meanwhile, if you are running CCleaner v5.33, you need to update to the latest version of the program immediately.

  • Even the best laptops need a good antivirus to defend against malware