AfterDawn: Tech news

Piriform: CCleaner malware disaster was caused by a hacker

Written by Petteri Pyyny @ 19 Sep 2017 5:22

It was revealed recently that the super-popular computer cleaning software CCleaner included malware in its official distribution package. Now, the details of this disaster have emerged.
In a Reuters article, Piriform, the British company behind CCleaner, describes the incident. According to the company, a hacker breached its systems sometime back in August and gained access to resources that allowed the hacker to inject malicious code into the official distribution package, while the package still had the official CCleaner security certificate attached.

The malware was distributed with CCleaner version v5.33, which was released in August. According to Piriform, more than 2 million users had downloaded that specific version and were therefore breached.



The malware itself only worked on 32-bit Windows versions and required administrator rights in order to run properly. It collected information about the victim's computer and the victim's installed software and files. According to Piriform, the malware had elements to download and install more software, but those elements weren't initiated by the malware before its detection.

The malware was detected by Cisco's security company Talos on 12th of September. Immediately after the discovery, Talos contacted Piriform's owner, Avast, and notified them. Avast then released a cleansed version of v5.33 on the same day and contacted U.S. law enforcement authorities. With the assistance of the U.S. authorities, they managed to shut down the U.S.-based server the malware was trying to contact.

Three days later, on 15th of September, the company released a new version, v5.34, hoping that people would immediately update to it. However, as CCleaner doesn't do automatic updates, the more than 2 million users who installed v5.33 now need to manually uninstall v5.33 and install the newer v5.34 in order to get rid of the infected version.

Talos calls the hack a "very sophisticated one", and users who installed the infected software had no way of knowing that the version they were installing wasn't the authentic one.

You can download the latest, clean version of CCleaner from here:

Download latest, clean version of CCleaner (from AfterDawn's own servers)

Alternatively, you can download the latest version from Piriform's homepage.


1 user comment

19.9.2017 11:27

If hacker scumbags like this only redirected their efforts to something more productive and beneficial, the world would be a better place.

I'm all about the hack but shit...if the hacker doesn't get to experience the fallout, WHAT'S THE F'ING POINT!
