Popular system maintenance tool CCleaner has been compromised by a serious malware infection, which is a particularly embarrassing incident given that the app was bought up by antivirus giant Avast back in the summer.
According to security outfit Cisco Talos, if you downloaded CCleaner version 5.33 from Avast (or used CCleaner Cloud version 1.07.3191), then it was blighted with a multi-stage malware payload.
The security firm speculates that an external attacker compromised the program’s development or build environment to insert the malware, or it could have been an insider doing the same.
The malicious code in question is a two-stage backdoor which hooks up to a command and control server and is capable of running code transmitted from a remote PC, with obvious potential for various nastiness. Another worrying point was that this infection apparently went undetected by the vast majority of antivirus software.
The good news is that the infected version of the software has already been pulled down, and according to Piriform, the developer of CCleaner: “The threat has now been resolved in the sense that the rogue server is down, other potential servers are out of the control of the attacker, and we’re moving all existing CCleaner v5.33.6162 users to the latest version.”
Those using the cloud version of CCleaner have already received an automatic update to remove the exploit, and Piriform claims that “we were able to disarm the threat before it was able to do any harm”.
Even so, a large number of users could potentially have been affected given that CCleaner is reportedly downloaded 5 million times per week (and has racked up over two billion downloads since November of last year).
An investigation into how the code was inserted into the program is underway, Piriform says, and Avast is unsurprisingly involved in trying to work out what has gone on here (we’ve reached out to the latter for comment on this incident, and will update this story if we hear back).
Meanwhile, if you are running CCleaner v5.33, you need to update to the latest version of the program immediately.