Published: Tue, September 19, 2017
Markets | By Terence Owen

Millions of users infected after hackers hide backdoor in CCleaner

The regular and cloud-based versions of CCleaner, which has been downloaded over 2 billion times worldwide as of November 2016 and adds about 5 million new users a week, have since been patched, and the US-based server to which the malicious code sent system information has been shut down.

The compromised version of CCleaner tried to connect to several unregistered web pages, presumably to download other programmes.

The affected version of CCleaner included code that installed malware capable of downloading and executing malicious programs on the affected system.

Popular system maintenance tool CCleaner has been compromised by a serious malware infection, which is a particularly embarrassing incident given that the app was bought up by antivirus giant Avast back in the summer. Piriform recommends that users of CCleaner version 5.33.6162 and CCleaner Cloud version 1.07.3191 download new versions of the software.

The company believes it was able to disarm the malware before it harmed users.

The company also added that the rogue server is down and other potential servers are out of the control of the attacker.

Everybody who downloaded and installed the affected versions in that timespan.

In the meantime, they have already made download sites remove CCleaner v5.33.6162, they pushed out a notification to update CCleaner users from v5.33.6162 to v5.34, and automatically updated CCleaner Cloud users from v1.07.3191 to 1.07.3214.

Talos registered all of the domains associated with the algorithm, which had not been previously configured, to "black hole" the malware and prevent it from reestablishing communications in the future.

According to its parent company Avast, more than 130 million people use the performance optimisation software CCleaner. Version 5.34 came out on September 12, the same day the CCleaner devs found the malware themselves, and it didn't have the malware bundled with it.

The Talos team further analyzed the CCleaner file, and although the file was correctly signed by the vendor, CCleaner was not the only application being downloaded on users' systems.

"On September 13, 2017 Cisco Talos immediately notified Avast of our findings so that they could initiate appropriate response activities", Cisco Talos said in a blog post. Piriform says it is now investigating how the software version became compromised, and is taking steps to make sure it never happens again. The contaminated utility served as a beacon call for additional forms of malware: using a backdoor, an attacker could run code from a remote IP address. "The investigation is still ongoing", said Piriform's VP of products, Paul Young.

Business and consumer users of Piriform's CCleaner software are being urged to ensure they are using the latest versions that do not contain a hacker-inserted backdoor.
