Backdoor in CCleaner Affects Millions, Reason Behind Hack Unknown

CCleaner, ‘the world’s most popular PC cleaner’, has been backdoored, researchers have confirmed. The details surrounding the event have not yet been worked out, and it is still unknown how it happened. Nonetheless, the hack has been confirmed by Piriform, the developer, which was recently acquired by Avast. The breached builds are the 32-bit version of CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191.

Here is what Piriform has stated on the matter:

We recently determined that older versions of our Piriform CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 had been compromised. We resolved this quickly and believe no harm was done to any of our users. This compromise only affected customers with the 32-bit version of the v5.33.6162 of CCleaner and the v1.07.3191 of CCleaner Cloud. No other Piriform or CCleaner products were affected.

Piriform also encourages all users of the 32-bit version of CCleaner v5.33.6162 to download v5.34 immediately.

How and Why Was CCleaner Backdoored? How Many Users Are Affected?

According to Piriform’s internal statistics, up to 3% of its users run the two affected versions of the software. No actual numbers were revealed, but given how widely the program is used worldwide, this means millions of users were affected. Figures from 2016 put the total number of downloads at approximately 2 billion, and the program’s weekly installations exceed 5 million.

How Was the Hack Discovered?

Cisco was the first company to acknowledge that something was wrong with the program. Cisco researchers were beta testing a new exploit detection technology when they came across the troubling finding. The flagged executable was signed with a valid digital certificate issued to Piriform, researchers explain, but it carried an additional payload. In fact, it was “a two-stage backdoor capable of running code received from a remote IP address on affected systems,” as described by Paul Yung, Piriform’s VP of Products.

The backdoor could collect sensitive information about the breached systems, including the name of the computer, its IP address, the list of installed software and the running processes. All the collected information was encrypted and sent to a remote server in the US.

The incident is still under investigation, and both Piriform and Avast are working to clarify how and why the hack that affected millions of their users took place.

All affected users are urged to download CCleaner v5.34 as soon as possible. A malware scan to check if the system has been compromised is also highly recommended.
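For anyone triaging many machines, the version and architecture criteria in Piriform's statement can be checked mechanically. The Python below is an added example, not code from Piriform, Avast or Cisco; the inventory records, host names and helper names are constructed, and it assumes a four-part version string carries the build number last and that CCleaner Cloud is flagged regardless of architecture.

```python
import struct

IMAGE_FILE_MACHINE_I386 = 0x014C  # COFF Machine value for 32-bit x86

# Compromised builds named in the article; keys are labels chosen for this example.
AFFECTED = {
    "ccleaner": ((5, 33, 6162), True),        # only the 32-bit build
    "ccleaner cloud": ((1, 7, 3191), False),  # assumption: any architecture
}

def parse_version(text):
    """'v5.33.6162' and '5.33.0.6162' -> (5, 33, 6162); '5.34' -> (5, 34, 0)."""
    parts = [int(p) for p in text.strip().lstrip("vV").split(".")]
    parts += [0] * (3 - len(parts))
    return (parts[0], parts[1], parts[-1])

def pe_machine(header):
    """Return the COFF Machine field from the first bytes of a PE file."""
    if len(header) < 0x40 or header[:2] != b"MZ":
        raise ValueError("not an MZ/PE image")
    (e_lfanew,) = struct.unpack_from("<I", header, 0x3C)
    if header[e_lfanew:e_lfanew + 4] != b"PE\0\0" or len(header) < e_lfanew + 6:
        raise ValueError("PE signature not found")
    (machine,) = struct.unpack_from("<H", header, e_lfanew + 4)
    return machine

def is_affected(product, version, header):
    entry = AFFECTED.get(product.strip().lower())
    if entry is None or parse_version(version) != entry[0]:
        return False
    x86_only = entry[1]
    return (not x86_only) or pe_machine(header) == IMAGE_FILE_MACHINE_I386

def fake_pe(machine):
    """Constructed 70-byte stand-in for a PE header (not a real binary)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + struct.pack("<H", machine)

INVENTORY = [  # constructed sample records: host, product, version, header bytes
    ("ws-01", "CCleaner", "5.33.6162", fake_pe(0x014C)),
    ("ws-02", "CCleaner", "5.33.0.6162", fake_pe(0x8664)),
    ("ws-03", "CCleaner", "v5.34", fake_pe(0x014C)),
    ("ws-04", "CCleaner Cloud", "1.07.3191", fake_pe(0x8664)),
]

def flag_hosts(inventory):
    return [host for host, prod, ver, hdr in inventory if is_affected(prod, ver, hdr)]
```

On a real host, `header` would be the first few hundred bytes read from the installed executable, and the version would come from whatever inventory tool is already in use.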

Milena Dimitrova