Popular PC Maintenance Program, CCleaner, Hacked and Installed Malware on 2B Devices

Update 9/22/2017: An Avast representative has made the following statement:

“We believe that these users are safe now as our investigation indicates we were able to disarm the threat before it was able to do any harm.  We estimate that 2.27 million users had the affected software installed on 32-bit Windows machines.”

The estimated number of impacted users is far lower than the original estimate of two billion.

Malware Included in Recent CCleaner Update

CCleaner, a popular computer maintenance program used to clear cookies, temporary internet files, and browsing histories, included malware in two of its recent versions. The impacted users are those who downloaded versions 1.07.319 and 5.33 of CCleaner. The malicious versions of the program have been available since August 15, 2017. It is currently projected that two billion malicious downloads occurred.

Bleeping Computer reported,

“The malware collected information such as computer name, a list of installed software, a list of running processes, media access control (MAC) addresses for the first three network interfaces, and unique IDs to identify each computer in part. Researchers noted that the malware only ran on 32-bit systems. The malware also quit execution if the user was not using an administrator account.”

Not only was malware included in the update, but it also left a backdoor open through which additional malware could be executed. However, to date, additional malware has not exploited this vulnerability.

If you are currently running CCleaner, please confirm which version is installed on the device. It is recommended that users update the program to version 5.34 immediately. The malware included in versions 1.07.319 and 5.33 is contained within those particular versions of the program; therefore, updating to version 5.34 or higher will remove the malware.

The program is distributed through Piriform, a company recently acquired by the security solution provider Avast. To access the latest version 5.34 of CCleaner, you may go to Piriform’s forums, available here.
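For anyone checking more than one machine, the version check above can be run over a software inventory. The following is an added example, not part of the original post or any Piriform/Avast tooling; the host names and inventory rows are constructed, and the status labels are hypothetical.

```python
import re

# Versions the article names as carrying the malware, as numeric prefixes.
AFFECTED_PREFIXES = [(5, 33), (1, 7, 319)]
FIXED_MINIMUM = (5, 34)  # article: update to 5.34 or higher


def parse_version(text):
    """Pull the numeric version out of strings such as 'v5.35.6210' or
    '5.29.6033 (64-bit)'. Returns a tuple of ints, or None if none is found."""
    match = re.search(r"\d+(?:\.\d+)+", text)
    if not match:
        return None
    return tuple(int(part) for part in match.group().split("."))


def classify(version_text, is_32bit_os):
    """Return a hypothetical status label for one installed copy."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"
    if any(version[:len(prefix)] == prefix for prefix in AFFECTED_PREFIXES):
        # The quoted reporting says the malware only ran on 32-bit systems,
        # so those hosts are reviewed first; every affected build is updated.
        return "affected-32bit" if is_32bit_os else "affected-build"
    # Tuples compare numerically: (5, 4) < (5, 33), whereas the
    # strings "5.4" and "5.33" would sort the other way round.
    if version < FIXED_MINIMUM:
        return "outdated"
    return "ok"


def triage(inventory):
    """Map host -> status for rows of (host, version string, is_32bit_os)."""
    return {host: classify(ver, is32) for host, ver, is32 in inventory}


# Constructed inventory rows (hypothetical hosts), not data from the incident.
SAMPLE_INVENTORY = [
    ("ws-01", "5.33", True),
    ("ws-02", "5.33", False),
    ("ws-03", "1.07.319", True),
    ("ws-04", "5.29.6033 (64-bit)", False),
    ("ws-05", "v5.35.6210", False),
    ("ws-06", "not installed", False),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```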


19 thoughts on “Popular PC Maintenance Program, CCleaner, Hacked and Installed Malware on 2B Devices”

  1. Implied impacts (better wording for affects or effects) insinuation, implication, hint, suggestion, intimation, overtone, whisper, allusion, nuance, reference, imputation, aspersion, and slur, is all contained in the original post and updates.
    – Anyone else want to have a go at CCleaner ?

    Then Kaspersky hopped on the bandwagon to get free advertising exposure, which should have been deleted from this Topic as it has nothing to do with the Topics Headline or CCleaner.

    On top of all this the 2 billion and 2.27 million number crunching bandied around suggesting the impact on Users PC systems using CCleaner were just thrown in without first investigating and then analysing the facts of the actual numbers that may have been compromised or taking into account that they would most likely have an Internet Security / Anti-Virus installed on their systems which would have detected and killed the malware infection while the installation file was downloaded.

    That CCleaner was infected with Malware and that this occurred at Avast’s premises, one may ask (As Len did and the report from Bleeping Computer did not answer the question) “how did malware get included with the update in the first place?” and “Why did Avast have these codes?”
    – A reply from Avast is expected !!!

    That there is no honour or any form of ethical conduct in the Anti-Virus Industry should be of no surprise to Users of computers and the “Internet Security” as it is now referred to is the biggest protection racket involving an estimated $8.1 billion annual revenue for the publishers of the Internet Security Programs. Not a bad split and there is no wonder that there is no honour among thieves’ and any opportunity to slur the other guy and hype up the event is common practice.

    After 36+ years in the IT Industry I could say, “I’ve been there, done that, never thought I knew it all, and nothing surprises me anymore”. My advice is “Read between the lines, ask yourself who is publishing the warnings, does it involve a rival Company, and search the Internet for similar notifications, and best of all contact the accused Individual or Company and ask them to clarify the issue.”

    Yes I use CCleaner and have done so on all my OS's and versions thereof since 2003. Still run v1.41.544 on my Windows 95C workstation and the latest v5.35.6210 on all the others.

    Users of CCleaner originally called “CrapCleaner” and as this was offensive in the USA it was changed to CCleaner, fail to read the instructions and help, subsequently fail to setup the options correctly and therefore most likely use it incorrectly without understanding the consequences of their ignorance.
    – Perform all updates manually and have the “Automatically check for updates” checkbox ticked so you get notifications of newer versions, download it, have your Internet Security / Anti-Virus program scan the downloaded file and if it is clear, then install it.
    – I tend to do this with all Updates; trust nobody, scan them all before installing anything, disable all Automatic installations, check for, scan and install all updates manually. Remember to create a Restore Point before you do so !

    Happy Computing Folks.

  2. I am glad to know this and thanks to PC Matic for the information but this is sad. This includes several friends I told numerous times to ditch Avast and CCleaner. They have finally seen the light and switched to PC Matic but only after the latest. Truly sad. Requiring them much time now, when they really did not have the time to waste.

    • @PCMaticLifetimeUser:

      i like what pcmatic is doing, not so sure of the motivation yet ccleaner has been a go to staple for the last 5-10 years and this hiccup by Avast has tarnished CCleaner but not beyond repair. For the past 1-2 years, the 5.25 and up to 5.32 versions I was using and the 5.33 seemed suspect in how it installed ever since they dropped the list of options and had to click customize to uncheck the unnecessary and unwanted options. regardless, i like pcmatic since i have something similar called gogreen pc tune-up coming online soon. that does what we believe is the necessary good and all things computing.

      pcmatic has some good stuff in it, and the newsletters are good too. well designed and thought out. yet, a few of the titles and stance on the sky is almost falling needs to be reined in a bit; almost being alarmist.

      from windows, mac to linux – be safe out there online and in the wild.

  3. While all the eyes are firmly on Russia’s Kaspersky the attack comes from the Czech Republic, a NATO member country.
    Well done, guys!

    • @Peter:
      So what does Kaspersky have to do with this Topic on CCleaner ?
      Introducing Kaspersky is a “Red Herring” intrusion and I would suggest has nothing to do with this topic on CCleaner

    • @Peter:

      yes, since mid-2000s Kaspersky we stayed away from because we knew the origin of the development. all things being equal in globalization – we warned users for the last decade. So what is safe out there? there is a list of 25+ free antivirus solutions that vary in approach from mediocre to false positives to total lock down and system degradation to overly chatty with users and what the program is doing all day long. Avast talks too much, Comodo is/was a hard uninstall and re-install, and the list goes on. the paid versions are bloated and heavy, too heavy for mid-level pc spec’ed owners. developers and test teams need to benchmark their solutions on a compaq 386/33 and see how it performs before releasing a solution to the public (ha – i jest.. maybe a dual core with 2gb of ram and a DSL connect 5/2)..

      Kaspersky did well until the 2016 US election focus. the other countries with products in question that the US heavily leverages because they don’t have an internal solution that is priced right and supported 100% in good english is a show list but a very interesting list of concern.

      Long live Kaspersky and other countries that have US offices that try to help US customers in a good and ethical way like the original Internet AUP had intended that supersedes all governments and borders, and laws. i believe that rule still prevails when applied appropriately by the ICANN leadership.

      Long live some version of kaspersky if mod’ed correctly to stop the madness (if truly real).

  4. This report is a week after the event and in the meantime v5.34 was released and the v5.35 both 34 and 35 are safe to use !
    Notably the kerfuffle about 5.33 related to old OS’s using 32bit systems.
    I also considered this as a fault of Avast and not Piriform CCleaner

  5. Hi, the latest version of CCleaner is 5.35 but my 64 bit machine seems to be stuck on 5.29.6033 (64-bit). I tried to update it but I get the following error message: “CCleaner could not be updated.”
    0x2f08: A redirect request will change a secure to a non-secure connection.

    I am using CCleaner Professional Registered version which is up to date with its licence.
    Can you assist with my problem?
    Thanks.

  6. Quote: ” The malware also quit execution if the user was not using an administrator account.”

    Another good reason to use standard or local account.

        • Hi Maurice, The information within the post is not outdated, as the issue was just released to the public this week. The versions impacted are outdated; however, many users do not have the automatic updates set up like you do! Keep up the great maintenance — ensuring your software programs are updated promptly is one of the best things you can do to combat cyber threats!
