CCleaner users were in for a shock when Piriform (the company which owns the software) revealed on their blog that malware had attached itself to certain versions of the utility software.
The blog mentioned that CCleaner had been compromised by certain unknown hackers.
Piriform’s VP of product while talking about the some technical details said
An unauthorized modification of the CCleaner.exe binary resulted in an insertion of a two-stage backdoor capable of running code received from a remote IP address on affected systems.
CCleaner is a software tool which is designed to optimize and clean Windows PCs and Android devices.
The Affected Versions and Data
The affected versions of the software are CCleaner 5.33.6162 and CCleaner Cloud 1.07.3191. Piriform discovered the infection on 12th September, giving the malware almost one month to establish its roots in the devices.
The malware was aimed at harvesting data from the devices it was installed on. The data which is at risk as specified by Piriform is:
- The computer name,
- IP address,
- List of installed software,
- List of active software and,
- List of network adapters
Some of the users might still have the affected version, which is why the company has been urging the users to upgrade their software to version 5.34 or higher.
CCleaner have been putting in efforts to move all their users to newer versions and those on the CCleaner cloud were moved to the new version automatically as reported on their blog by Piriform.
It is predicted that the data is being transmitted to a third party server located in US. “We have no indications that any other data has been sent to the server,” the blog said. The server was successfully shut down on 15th September.
Avast, one of the biggest players in system security, had acquired the program in July. A spokesperson from Avast said while reporting to media,
We believe that these users are safe now as our investigation indicates we were able to disarm the threat before it was able to do any harm. We estimate that 2.27 million users had the affected software installed on 32-bit Windows machines.
The Number of Users Affected By The Malware
When the news was released, many were concerned about the number of devices affected. CCleaner has 130 million users which include 15 million android users.
As reported by Avast, only a small minority was really affected by the malware. The affected PCs were limited to 32 bit devices while none of the Android users were affected.
Piriform also reported that the affected version was used by 3% of their users.