Beware! Your Favorite Windows Utility May Have Infected Your Computer

The version of CCleaner tried to connect to several unregistered web pages, presumably to download other programmes.

Piriform, which develops the CCleaner software created to remove unwanted files from Android phones and Windows PCs, said it had identified "suspicious activity" in two versions of the program which it found had been "illegally modified".

A security company has been forced to apologise to its users after its software was compromised by malicious hackers. Since CCleaner does not update itself, users of version 5.33.6162 (and version 1.07.3191 of CCleaner Cloud) will continue to be at risk unless they delete the software and download the latest version, which contains no malicious code.

It turns out you can't even trust your own antivirus provider not to infect your computer with malware.

"We have no indications that any other data has been sent to the server", it writes. Affected users will also need to update to the latest version of CCleaner, 5.34.

The free version of the CCleaner software does not update automatically, the blog post said. It can also allow other forms of malware, such as ransomware and keyloggers, to make their way onto a victim's computer. It's not clear exactly how many CCleaner users were affected by the breach, but Talos reports that around 5 million people download it each week.

CCleaner has suffered a "security incident" which saw users updated with a legitimate digitally-signed version of the software which opened a malicious backdoor. CCleaner users have received a notification to update to a new version, but Monday's warning is the first time they've been told why.

According to Piriform, Avast discovered that the two products were compromised on 12 September.

CCleaner was developed by Piriform, which was bought by security company Avast earlier this year, prior to the recent update that contained malware.

The Talos team further analyzed the CCleaner file, and although the file was correctly signed by the vendor, CCleaner was not the only application being downloaded on users' systems. Now, it's easier to attack the download source, gaining access into legitimate servers.

"A suspicious activity was identified on September 12 2017, where we saw an unknown IP address receiving data from software found in version 5.33.6162 of CCleaner, and CCleaner Cloud version 1.07.3191, on 32-bit Windows systems".

"We are continuing to investigate how this compromise happened, who did it and why".

The flagged executable was signed with a valid digital certificate issued to Piriform, but came with an additional payload.

"At this stage, we don't want to speculate how the unauthorized code appeared in the CCleaner software, where the attack originated from, how long it was being prepared and who stood behind it", Yung stated.
