CCleaner Hacked With Data-Stealing Malware Injection

Status
Not open for further replies.
Hi everyone --

There's a lot of detail regarding this in an official post on Piriform's blog:

http://www.piriform.com/news/release-announcements/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users

http://www.piriform.com/news/blog/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users

The key point from the blog post:

"Based on further analysis, we found that the 5.33.6162 version of CCleaner and the 1.07.3191 version of CCleaner Cloud was illegally modified before it was released to the public, and we started an investigation process. We also immediately contacted law enforcement units and worked with them on resolving the issue. Before delving into the technical details, let me say that the threat has now been resolved in the sense that the rogue server is down, other potential servers are out of the control of the attacker, and we’re moving all existing CCleaner v5.33.6162 users to the latest version. Users of CCleaner Cloud version 1.07.3191 have received an automatic update. In other words, to the best of our knowledge, we were able to disarm the threat before it was able to do any harm."

I will be following up with any additional information from my team as soon as it's available, and we thank everyone for your support.
 
Note that 64-bit versions are CALLED by the 32-bit application nonetheless, so ALL CCleaner v5.33 installations -- 64-bit as well as 32-bit -- are suspect.
 
I had my Win 10 64-bit, my Win 7 64-bit and my Vista 32-bit hacked with actually 2 different trojans. My Hotmail and Skype also were compromised, as I got a message from Microsoft to tell me that someone tried to access my account, so I had to change passwords etc. etc. Not a fun afternoon.
 
I regularly run a MalwareBytes scan and this trojan wasn't detected when CCleaner 5.33 was functioning. It also wasn't detected by MWB when the 5.34 upgrade occurred last week. Only on Sept 19 (Australian time), when the MalwareBytes database was updated to v. 2017.09.19.02, did it successfully notify that CCleaner was infected with Floxif.

So, running a malware scan with one of the most widely used detection and removal programs was of no use whatsoever prior to Sept 19.
 
Running Win 10 64-bit and Defender found Floxif yesterday
Thanks for the heads up Piriform
Blog comments not good enough
Seems Piriform knew much earlier in Sep.
Poor transparency
It's really an online war
We, public, and customers, last to know
 
I didn't have the 32-bit version, but I still uninstalled and ran MalwareBuster just to be sure. I can't believe such a large scale hack was pulled off this well.
 