Backdoor attack hits two million CCleaner users
Download package loaded with data-harvesting trojan.
One of the world’s most popular PC cleanup and optimization tools, CCleaner, has been hit by a malware attack thought to have affected more than two million customers, the app’s developer confirmed today.
Piriform, which was acquired by security firm Avast in July, said it determined on September 12 that the 32-bit version of CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 had been compromised in a “sophisticated manner”.
According to the London-based firm, a trojan was loaded into the download package – a so-called ‘supply chain attack’ – some point after August 15, when the CCleaner versions were released.
The malware caused the transmission of “non-sensitive data” – computer name, IP address, list of installed software, list of active software, and list of network adapters – to a third-party server in the US.
While Piriform said it has now patched the leak, the company said the infected software may have been used by 2.27 million people – or 3% of its user base.
“Working with US law enforcement, we caused this server to be shut down on September 15 before any known harm was done,” Piriform said.
“It would have been an impediment to the law enforcement agency’s investigation to have gone public with this before the server was disabled and we completed our initial assessment.”
“We encourage any user of the 32-bit version of CCleaner v5.33.6162 to download the latest version here.”
Launched in 2004, CCleaner is Piriform’s flagship solution. The maintenance tool, which is said to improve computer performance, has been downloaded more than two billion times.