Cybersecurity research team Cisco Talos has discovered a cybersecurity attack that could affect users of Piriform’s CCleaner application. Avast owns Piriform.
Attackers hijacked and hid malware inside Piriform’s CCleaner application which was available for download between August 15 – September 12, 2017. Anyone who downloaded 5.33 version product or updated their existing product during this timeframe became infected.
On September 13, 2017, Cisco Talos notified Avast in order to take corrective action. Avast removed the version containing the malware and users could not download. Many consumers remain at risk — and will remain at risk even after updating their CCleaner software.
Avast’s CCleaner is one of the most popular PC cleaner and optimization tools to speed up PC and smartphone performance by removing unneeded/necessary files. As recently as November 2016, CCleaner boasted 2 billion downloads with a growth rate of 5 million users per week.
Once the malware was installed, attackers could potentially gain access to the user’s computer and other connected systems to steal sensitive personal data and/or credentials that could be used for online banking or other online activities.
Like the Nyetya malware in late June, in this instance attackers hacked into a legitimate, trusted application and made it malicious. These types of attacks are often successful because consumers trust that these well-known and broadly-used applications are safe. Criminals are exploiting this trust.
Because the malware remains present, even after users update the CCleaner software, Talos advises all users to wipe their entire computer — remove and reinstall everything on the machine — and to restore files and data from a pre-August 15, 2017 backup, before the current version was installed.
It is critical to remove this version of the CCleaner software and associated malware.
