CCleaner Was Distributing Malware for a Month

CCleaner, a popular piece of security software with a squeaky clean reputation, was distributing malware for the best part of a month. Although Piriform has disarmed the threat, anyone using the affected version of CCleaner is being urged to update the software at their earliest convenience.

Over time, computers get clogged up with lots of unnecessary crap. Cookies, temporary internet files, and outdated Windows Registry entries, to name just three. CCleaner exists to clean this crap away, with the C in the name standing for “Crap”. Unfortunately, CCleaner has been delivering its own form of crap of late.

Hackers successfully managed to modify recent versions of CCleaner and CCleaner Cloud for 32-bit Windows systems. According to Piriform, the developer of CCleaner, this meant that CCleaner v5.33 and CCleaner Cloud v1.07 contained “a two-stage backdoor capable of running code received from a remote IP address on affected systems”.

Once delivered to users, the payload collected information about the system on which it was present. This includes the name of the computer, a list of installed software, a list of running processes, and the MAC addresses of network adapters. This information was encoded and delivered to an external IP address.

Piriform noticed suspicious activity on September 12, and immediately launched an investigation. The rogue server is now down, and other potential servers are “out of the control of the attacker”. Piriform is also endeavoring to move everyone using CCleaner v5.33 to the latest malware-free version.

What isn’t yet clear is how this rogue code made its way into the official version of CCleaner in the first place. The investigation is ongoing, and Avast, which acquired Piriform in July 2017, is promising to move the entire product build environment to “a more robust, secure infrastructure” in the future.

In case it isn’t obvious, you should update CCleaner right now to ensure you’re not running the compromised version. But beyond that there’s very little us mere mortals can do to safeguard against this kind of sophisticated attack. It’s really up to the developers to ensure their own products aren’t being modified.

Did you have the affected versions of CCleaner or CCleaner Cloud installed on your computer? Have you now updated to the latest version? Are you shocked at the ease with which hackers pulled this off? Does it change your opinion of CCleaner, Piriform, or Avast? The comments are open below…


Dave Parrack is a journalist from the UK. Growing up at a time when the internet was blossoming inspired his fascination with technology. With 10 years experience writing online, he’s currently the Tech News writer and Entertainment editor at MakeUseOf. You can follow him at About.me.
