According to news accounts, CCleaner, an application typically used to clear cookies, unused files and bundled "crapware" from a computer, has been compromised by hackers. The compromise took the form of malware injected into a signed build of CCleaner 5.33. The attackers took advantage of the application's popularity and tapped into its update server, so that users updating to the new version of CCleaner received the malware along with it. What makes the CCleaner injection surprising is that the application is owned by Avast, a well-known anti-virus company.
The malware was reportedly injected into the CCleaner application before it was distributed to users. The compromise was discovered by security researchers at Cisco Talos, who found that download servers used by Avast were serving a version of CCleaner that carried malware. The legitimately signed version of CCleaner 5.33 distributed by Avast contained a multi-stage malware payload that ran alongside the normal CCleaner installation. Because the binary carried a valid code signature, a signature check alone would not have flagged it. The malware appears to have been designed to enlist infected PCs in a botnet.
CCleaner is a widely used application, with a very large user base if the download figure of 2 billion is to be believed. The wide user base is not at all surprising, since CCleaner is a very helpful cleanup tool, especially for PC users. I myself am a user of CCleaner and have been using this software for years because of its usefulness. I make it a point that every new computer I own has CCleaner installed. In fact, it is one of the first applications I download on a new computer.
Avast claims that it was able to prevent the breach from causing any harm to its customers, saying it disarmed the threat before it could do damage. Even if this is the case, the prudent course is not to download CCleaner at this point and to wait until the issue has been addressed completely. If you are already running CCleaner, check which version is installed and do not update to version 5.33, as this appears to be the compromised version; if 5.33 is already installed, treat the machine as potentially compromised rather than assuming the threat was disarmed. If you have auto-update on, turn it off for CCleaner. New users should not download CCleaner until the issue is fully resolved.
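The version check above is easy to automate across a fleet of Windows machines. The PowerShell below is an added example written for this page, not code from the article, Avast or Piriform; it assumes CCleaner sits in its default location under Program Files and identifies the affected build by its major.minor file version only. It also reports the Authenticode status and a SHA-256 hash, because the point of this incident is that a valid signature does not prove a binary is clean.

```powershell
# Added example, not from the original article: inventory the installed
# CCleaner binary and flag the version the article reports as compromised.
# Assumptions: default install paths under Program Files; the affected build
# is recognised by file version 5.33 alone.

$affectedMajor = 5
$affectedMinor = 33

# 32-bit Windows has no ProgramFiles(x86); drop empty roots before joining.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
$candidates = foreach ($root in $roots) {
    Join-Path $root 'CCleaner\CCleaner.exe'
    Join-Path $root 'CCleaner\CCleaner64.exe'
}

$found = $false
foreach ($path in $candidates) {
    if (-not (Test-Path -LiteralPath $path)) { continue }
    $found = $true

    $vi  = (Get-Item -LiteralPath $path).VersionInfo
    $sig = Get-AuthenticodeSignature -FilePath $path
    $sha = (Get-FileHash -Algorithm SHA256 -LiteralPath $path).Hash

    [pscustomobject]@{
        Path      = $path
        Version   = '{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart,
                                         $vi.FileBuildPart, $vi.FilePrivatePart
        # 'Valid' only proves the signer's key was used, not that the build is clean.
        Signature = $sig.Status
        Signer    = $sig.SignerCertificate.Subject
        SHA256    = $sha   # compare against hashes published in the vendor/Talos advisory
    } | Format-List

    if ($vi.FileMajorPart -eq $affectedMajor -and $vi.FileMinorPart -eq $affectedMinor) {
        Write-Warning ("CCleaner {0}.{1} is installed: this is the version reported as " +
                       "compromised. A 'Valid' signature does not clear it, because the " +
                       "malicious build was signed like a legitimate release.") -f $affectedMajor, $affectedMinor
    }
}

if (-not $found) {
    Write-Output 'CCleaner not found in the default install locations; check other paths manually.'
}
```

Run it from an elevated prompt on each endpoint (or push it through your management tooling) and collect the output centrally. The hash is there so you can match it against whatever indicators the vendor or Cisco Talos publish; the script deliberately does not hard-code any hash, since none appears in this article.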
Attackers are turning to new methods of distributing malicious programs instead of attacking PCs directly. One of these is to abuse the distribution systems of widely used and traditionally trusted software vendors, so that victims receive the malware through the same trusted update channel they rely on for legitimate software. This was also the method used by the distributors of the Petya (NotPetya) ransomware, who breached the update servers of the accounting-software company MeDoc.
Source: The Verge