Hackers Compromise CCleaner Free Software
Hackers compromised free software from British company Piriform, giving them covert access to control millions of devices, the company and independent researchers said on Monday.
The malicious program was slipped into legitimate software called CCleaner, which is downloaded to personal computers and Android phones as often as 5 million times a week. It cleans up junk programs and advertising cookies to speed up devices.
The affected software is run by a subsidiary of anti-virus giant Avast, has 2 billion downloads and claims to be gaining 5 million more a week, making the threat particularly severe, researchers at Cisco Talos warned.
The researchers, who compared it to the NotPetya ransomware outbreak that spread after a Ukrainian accounting app was infected, discovered the threat on September 13 after CCleaner 5.33 caused Talos systems to flag malicious activity.
"There is nothing a user could have noticed," Talos researcher Craig Williams said, noting that the optimization software had a proper digital certificate, which means other computers automatically trust the program.
CCleaner is the main product made by London's Piriform, which was bought in July by Prague-based Avast, one of the world’s largest computer security vendors. At the time of the acquisition, the company said 130 million people used CCleaner.
A version of CCleaner downloaded in August included remote administration tools that tried to connect to several unregistered web pages, apparently to download additional unauthorized programs, security researchers at Cisco's Talos unit said.
Avast, Piriform’s new parent company, had uncovered the attacks on September 12. A new, uncompromised version of CCleaner was released the same day and a clean version of CCleaner Cloud was released on September 15, it said.
The nature of the attack code suggests that the hacker gained access to a machine used to create CCleaner, Williams said.
CCleaner does not update automatically, so each person who has installed the problematic version will need to delete it and install a fresh version, he said.
Williams said Talos detected the issue at an early stage, when the hackers appeared to be collecting information from infected machines, instead of forcing them to install new programs.
Piriform said it had worked with U.S. law enforcement to shut down a server located in the United States to which traffic was set to be directed. It said the server was closed down on Sept. 15 "before any known harm was done".