Hackers have managed to compromise a popular PC cleanup tool, CCleaner by Avast. More than 2.21 million people have installed the infected app. CCleaner also known as “crap cleaner”, promises to clean up your system for enhanced performance.
According to security firm Cisco Talos, hackers effectively “bundled” malware in with a recent version of CCleaner that allowed them to potentially get access to the user’s computer and other connected systems, to steal personal data or credentials. Cisco researchers stated that the hacker likely had high-level access to CCleaner development environment and it is currently unclear whether the operation was carried out by an outside hacker or a malicious insider.
We would like to apologize for a security incident that we have recently found in CCleaner version 5.33.6162 and CCleaner Cloud version 1.07.3191. A suspicious activity was identified on September 12th, 2017, where we saw an unknown IP address receiving data from software found in version 5.33.6162 of CCleaner, and CCleaner Cloud version 1.07.3191, on 32-bit Windows systems. Based on further analysis, we found that the 5.33.6162 version of CCleaner and the 1.07.3191 version of CCleaner Cloud was illegally modified before it was released to the public.
The bug affects anyone who downloaded CCleaner version 5.33 or updated their version between August 15 and September 12. CCleaner 5.33 has been removed from the official servers, and is no longer available to download. The company is urging users to upgrade to version 5.34 or higher (which it says is available for download here). Users of CCleaner Cloud version 1.07.3191 have received an automatic update. The latest hack has tainted users’ trust in antivirus software tools as their main job is to keep your device out of malware.