CCleaner Hacked With Data-Stealing Malware Injection

Status
Not open for further replies.

Avast-Team

Estimable
Mar 3, 2017
225
1
5,165
53
Hi everyone --

There's a lot of detail regarding this in an official post on Piriform's blog:

http://www.piriform.com/news/release-announcements/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users

http://www.piriform.com/news/blog/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users

The key point from the blog post:

"Based on further analysis, we found that the 5.33.6162 version of CCleaner and the 1.07.3191 version of CCleaner Cloud was illegally modified before it was released to the public, and we started an investigation process. We also immediately contacted law enforcement units and worked with them on resolving the issue. Before delving into the technical details, let me say that the threat has now been resolved in the sense that the rogue server is down, other potential servers are out of the control of the attacker, and we’re moving all existing CCleaner v5.33.6162 users to the latest version. Users of CCleaner Cloud version 1.07.3191 have received an automatic update. In other words, to the best of our knowledge, we were able to disarm the threat before it was able to do any harm."

I will be following up with any additional information from my team as soon as it's available, and we thank everyone for your support.
 

peterblaise

Prominent
Sep 19, 2017
1
0
510
0
.
Note that 64-bit versions are CALLED by the 32-bit application nonetheless, so ALL CCleaner v5.33 installations -- 64-bit as well as 32-bit -- are suspect.
.
 

gerry16188

Prominent
Sep 19, 2017
1
0
510
0
I had my Win 10 64bit my Win7 64 bit and my Vista 32bit hacked with actually 2 different trojans. My Hotmail Skype also were compromised as I got a message from Microsoft to tell me that someone tried to access my account so I had to change passwords etc etc. not a fun afternoon.
 

rherber1

Estimable
Jun 12, 2015
1
0
4,510
0
I regularly run a MalwareBytes scan and this trojan wasn't detected when CCleaner 5.33 was functioning. It also wasn't detected by MWB when the 5.34 upgrade occurred last week. Only on Sept 19 (Australian time) when MalwareBytes database was updated to v. 2017.09.19.02 did it successfully notify that CCleaner was infected with Floxif.

So, running a malware scan with one of the most widely used detection and removal programs was of no use whatsoever prior to Sept 19.
 

notlaughingnow

Prominent
Sep 24, 2017
1
0
510
0
Running Win 10 -64-bit and Defender found Floxif yesterday
Thanks for the heads up Piriform
Blog comments not good enough
Seems Piriform knew much earlier in Sep.
Poor transparency
It's really an online war
We, public, and customers, last to know
 

maximus1995

Prominent
Oct 5, 2017
1
0
510
0
I didn't have the 32 bit version, but I still uninstalled and ran MalwareBuster just to be sure, I can't believe such a large scale hack was pulled off this well.
 
Status
Not open for further replies.
Thread starter Similar threads Forum Replies Date
S Antivirus / Security / Privacy 1
gibbsy09 Antivirus / Security / Privacy 4
M Antivirus / Security / Privacy 0
Mike Mason Antivirus / Security / Privacy 0
Paul Wagenseil Antivirus / Security / Privacy 1
H Antivirus / Security / Privacy 10
Sohom Antivirus / Security / Privacy 9
U Antivirus / Security / Privacy 9
R Antivirus / Security / Privacy 3
T Antivirus / Security / Privacy 1
Myronazz Antivirus / Security / Privacy 4
D Antivirus / Security / Privacy 5
H Antivirus / Security / Privacy 1
M Antivirus / Security / Privacy 9
ThunderSU Antivirus / Security / Privacy 4
G Antivirus / Security / Privacy 4
J Antivirus / Security / Privacy 2
I Antivirus / Security / Privacy 8
CxRizzle Antivirus / Security / Privacy 7
J Antivirus / Security / Privacy 2

ASK THE COMMUNITY