If you use CCleaner for Windows, update the application immediately, because a backdoor for hackers has been planted in the software. This malware allows them to install other dangerous programs, like ransomware or keyloggers, onto the infected machines. According to Avast, who own CCleaner, 2.27 million users could have been affected by this incident. Avast are quick to add, however, that users should not worry.
CCleaner is a file-cleaning tool that has been downloaded 2 billion times and averages about 5 million downloads a week. Cisco Talos, who discovered the backdoor, raised the alarm on September 13th when version 5.33 of CCleaner triggered their detection systems.
The affected version of CCleaner, which contains the malware, was released on August 15th, but the latest version, 5.34, which arrived on September 12th, no longer has the problem. This is why it is important to update immediately if you’re not using the latest version of CCleaner.
Piriform, the Avast subsidiary, has called for calm. Piriform also informed users that CCleaner Cloud (the web version of CCleaner) version 1.07.3191 had been infected by the same malware, but that it has since been updated and the problem has been solved.
“In other words, to the best of our knowledge, we were able to disarm the threat before it was able to do any harm.”
Piriform explained that the malware was preparing a second phase that would do something “bigger” but that they were able to shut it down before the second phase could launch.
Some experts don’t share Piriform’s calm outlook, however. Martijn Grooten, Editor at Virus Bulletin, said:
“This is very serious. Of course, it may be that they really only stole … ‘non-sensitive data’ … but it could be useful in follow-up targeted attacks against specific users.”
The Cisco Talos blog struck a similarly pessimistic tone:
“Supply chain attacks are a very effective way to distribute malicious software into target organizations. This is because with supply chain attacks, the attackers are relying on the trust relationship between a manufacturer or supplier and a customer. This trust relationship is then abused to attack organizations and individuals and may be performed for a number of different reasons.”
Nobody knows how the hackers were able to pull this off. Talos suspect that it could even have been a Piriform employee.