In a shocking discovery, it was recently discovered that popular software optimizer, CCleaner had been infected with malware. The news was announced by the developer, Piriform, owned by Avast. The malware was discovered by security researchers at Cisco Talos, a threat research company.
CCleaner formerly known as “Crap Cleaner”, is a utility program often used to delete unwanted junk files, temporary internet files, invalid Windows Registry entries etc. from a computer. CCleaner’s popularity can be assessed by the fact that it has been downloaded over 2 billion times.
The legitimate 32-bit version of CCleaner, v5.33.6162 and CCleaner Cloud v1.07.3191 were infected by a multi-layer malware. Out of the 2.27 million users who had downloaded and installed the infected version, 5000 users were reported to be infected by the malware. Malwares usually collect data such as the IP address, computer name, installed softwares, and a list of network adapters which is forwarded to a third-party computer server.
The exploit was discovered by Cisco Talos while conducting customer beta testing of new exploit detection technology.The infected version was released on 15th of August and was operational till 12th September when the compromised software was confirmed by the company. On the same day a new and uninfected version of CCleaner was released by Piriform. The clean version for CCleaner Cloud was released on 15th of September.The attack was fortunately stopped before it could evolve into something more malicious. Cisco Talons were quoted saying "This is a prime example of the extent that attackers are willing to go through in their attempt to distribute malware to organizations and individuals around the world,".
With the clean versions now available, the infected users are advised to either restore their systems to a version before 15th August or perform a complete system restore in order to eliminate further infection and attack possibilities.