In Reuters article the author company behind the CCleaner, British Piriform, tells about the incident. According to them, a hacker had breached their systems sometime back in August and gained access to resources that allowed hacker to inject malicious code to the official distribution package, while still having the official CCleaner security certificate attached to the package.
Malware was distributed with CCleaner version v5.33 that was released in August. According to Piriform, more than 2 million users had downloaded that specific version and were therefor breached.
Malware itself only worked in 32-bit Windows versions and required administrator right in order to run properly. It collected information about the victim's computer, victim's installed software and files. According to Piriform, malware had elements to download more software and install them, but those elements weren't initiated by the malware before its detection.
Malware was detected by Cisco's security company Talos on 12th of September. Immediately after the discovery, Talos contacted Piriform's owner, Avast and notified them. Avast then released a cleansed version of v5.33 on the same day and contacted U.S. law enforcement authorities. With the assistance of the U.S. authorities, they managed to shut down the U.S. -based server the malware was trying to contact.
Three days later, on 15th of September, company released a new version, v5.34, hoping that people would immediately update to the new version. However, as CCleaner doesn't do automatic updates, those more than 2 million users who installed v5.33 now need to manually uninstall v5.33 and reinstall newer v5.34 in order to get rid of the infected version.
Talos calls the hack "very sophisticated one" and users who installed the infected software had no way of knowing that the version they were installing, wasn't the authentic one.
You can download the latest, clean version of CCleaner from here:
Download latest, clean version of CCleaner (from AfterDawn's own servers)
..you can alternatively download the latest version also from Piriform's homepage.
Written by: Petteri Pyyny @ 19 Sep 2017 5:22
