Malware Embedded in CCleaner Tool Puts Millions at Risk

Malicious code has been discovered in two versions of Piriform’s CCleaner housekeeping utility, the company disclosed on Monday. Piriform is owned by Avast, whose security products are used by more than 400 million people.

The malware infecting CCleaner could give hackers control over the devices of more than 2 million users. CCleaner is designed to rid computers and mobile phones of junk, such as unwanted applications and advertising cookies.

Two versions of the program were modified illegally before they were released to the public, Piriform said.

However, the threat has been neutralized, according to Piriform Vice President Paul Yung, who explained that the rogue server the hackers used to control the code is down, and other servers are no longer in the attackers’ control.

All users who downloaded the infected version of the program for Windows, CCleaner v5.33.6162, have received the latest version of the software. Users of CCleaner Cloud version 1.07.3191 have received an automatic update.

“In other words, to the best of our knowledge, we were able to disarm the threat before it was able to do any harm,” Yung said.

Machine Wipe Recommended

Despite those reassurances from Piriform, more drastic action may be necessary, suggested Craig Williams, the senior technical leader at Cisco Talos.

“Because the malware remains present, even after users update the CCleaner software, Talos advises all users to wipe their entire computer — remove and reinstall everything on the machine — and to restore files and data from a pre-August 15, 2017 backup, before the current version was installed,” he told the E-Commerce Times.

“It is critical to remove this version of the CCleaner software and associated malware since its structure means it has the ability to hide on the user’s system and call out to check for new malware updates for up to a year,” Williams explained.

Beyond the immediate threat, there may be problems with data loss, noted Morey Haber, vice president of technology at BeyondTrust.

“While the…