Hackers spread hidden malware to 2.27 million people via CCleaner

Malware enslaves your computer, but Avast believes it disarmed the threat in time

An app used by millions to optimise computer performance has been hit by a malware attack.

CCleaner is an application that helps upwards of two billion computer owners keep their devices optimised, by cleaning cookies, internet history and other temporary files, but now it's being used to spread malware to millions of users.

The latest version of the app is believed to infect PCs, making them part of a botnet: a group of slave computers that hackers can pull into DDoS attacks.

A version of CCleaner 5.33 downloaded in August included hidden malware, according to security investigators Cisco Talos. But CCleaner's owner, Avast Piriform, claimed it prevented the breach from harming customers.


The affected version of CCleaner tried to connect to several unregistered web pages, presumably to download other programs.

"On September 13 2017, Cisco Talos immediately notified Avast of our findings so that they could initiate appropriate response activities," Cisco Talos said in a blog post.

What makes this attack unusual is that it comes from a legitimate version of a trusted app.

"By exploiting the trust relationship between software vendors and the users of their software, attackers can benefit from users' inherent trust in the files and web servers used to distribute updates," the blog post continued.

However, the company that owns CCleaner, Avast Piriform, said the breach did not harm any of its customers.

"Piriform believes that these users are safe now as its investigation indicates it was able to disarm the threat before it was able to do any harm," said an Avast spokesperson.


But a Piriform spokesperson added: "We estimate that 2.27 million users had the affected software installed on 32-bit Windows machines."

But Cisco Talos says the malware could expose a wider security problem. "The presence of a valid digital signature on the malicious CCleaner binary may be indicative of a larger issue," the firm said.

Craig Williams, a researcher at Cisco Talos, said it counted as a sophisticated attack since it penetrated a trusted supplier. This is similar to June's NotPetya attack hidden in infected Ukrainian accounting software.

"There is nothing a user could have noticed," Williams said, noting that the optimisation software had a proper digital certificate, which means that other computers automatically trust the program.

This is just the latest hack in an increasingly exposed online world. From TalkTalk to Ashley Madison, major hacking and data breaches have been consistently damaging companies and their customers over the past few years, and anyone can be caught in the crossfire.
