CCleaner anti-malware infected… with malware

A popular anti-malware tool has been identified as the reason over 2 million users have found themselves infected… with malware.

CCleaner – a popular anti-malware tool recently acquired by security firm Avast – boasts over 2 billion downloads, and is extremely popular with tech-savvy users looking to speed up their machines.

However, sometime in late August things went very wrong as users updated their version of CCleaner to v5.33, because this update contained malware: more specifically, code that could steal certain information about a device and transmit it to a server based in the US. The code also installed a backdoor that could potentially allow criminals to access an infected device (though there is no evidence that this actually happened).

The breach was discovered independently by Cisco Talos, which immediately alerted Avast.


The malware duly installed itself on every device that installed the CCleaner update, which was around 2 million devices.

So how did a legitimate (digitally signed) update from a well-regarded anti-malware vendor end up containing malware?

This is what is called a supply chain attack. Cyber criminals don’t go after the end user; they go after the software developers. This way it is the end users themselves who install the malware, in the guise of a legitimate update that they will naturally trust.


This means at some point, criminals attacked the development computers belonging to CCleaner and injected malicious code into their software, which was then distributed to their customers via an update.

So if you use CCleaner, ensure you no longer have v5.33 and have updated to v5.34 as soon as you can. Paid users should have the update applied automatically. Free version users need to install it manually. If you did have v5.33 installed, an antivirus scan may be advised.

A supply chain attack was also responsible for kick-starting the NotPetya ransomware attack earlier in 2017, by infecting an update for a popular Ukrainian accounting software package called MeDoc.
