Hackers slip botnet malware into popular PC cleaning app CCleaner

Over 2 million CCleaner users downloaded the infected software.


Christina Bonnington

Posted on Sep 18, 2017   Updated on May 22, 2021, 5:05 pm CDT

It seems that nothing and no one is immune from being hacked these days.

Popular PC cleaning software CCleaner is the latest app targeted by hackers. Luckily, the breach was discovered and fixed before consumers’ computers were harmed, according to cybersecurity firm Talos Intelligence Group.

Researchers with Cisco’s Talos Intelligence Group found that CCleaner was compromised by what’s known as a “supply chain attack.” CCleaner (short for “crap cleaner”) is a utility program that cleans out unwanted files and cookies from your system to help make your PC more stable. In this case, hackers attacked the download servers used by CCleaner. For a period of time, the Talos team explains, the legitimate signed version of CCleaner 5.33 also contained a multi-stage malware payload that piggybacked on the app’s installation.

The CCleaner malware would have turned affected computers into part of a botnet, or a network of infected computers cybercriminals use to wage attacks, according to the Verge.

Talos reached out to Avast Piriform, the company behind CCleaner, on Sept. 13. The company quickly pushed out a forced update to fix the issue. Despite 2.27 million downloads of the app during the time it was compromised, right now it looks like researchers uncovered the malware (and Avast was able to disarm it) before it harmed any customers. Compromised versions of CCleaner are no longer available for download on its website and users of the app are encouraged to update to the latest version.

“This is a prime example of the extent that attackers are willing to go through in their attempt to distribute malware to organizations and individuals around the world,” the Talos Intelligence team says.

The team also notes that because CCleaner’s compromised software still had a valid digital security signature, there may be a larger issue at hand with how security certificates are authenticated and distributed. “When generating a new cert, care must be taken to ensure attackers have no foothold within the environment with which to compromise the new certificate,” the team says.

H/T the Verge

*First Published: Sep 18, 2017, 1:18 pm CDT