Hackers have compromised CCleaner, the popular system maintenance tool, by injecting malware into it; the tampered app was then distributed to millions of users. According to security researchers at Cisco Talos, the hackers breached the download servers used by Avast and used them to distribute the malware inside CCleaner. Given that Avast bought the app back in the summer, the incident is quite embarrassing.
If you’re running CCleaner v5.33, you need to update it immediately.
“For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner,” says the Talos team.
According to Avast, this tool has been downloaded more than two million times, which made it an attractive target for the hackers. Named “crap cleaner,” the tool is designed to remove cookies and offers some web privacy protections. The breach affected 2.27 million users. However, Avast's Piriform believes it was able to prevent the attack from harming customers.
“Piriform believes that these users are safe now as its investigation indicates it was able to disarm the threat before it was able to do any harm,” says an Avast spokesperson.
The malicious code inserted into CCleaner is a two-stage backdoor that connects to a command-and-control server and can run code sent from a remote PC. Most concerning, the vast majority of antivirus software failed to detect the infection. An investigation is under way to find out how the code was inserted into the program. If you’re running CCleaner v5.33, you need to update it immediately.