Piriform reported on Monday that hackers had illegally tampered with versions 5.33.6162 of CCleaner and 1.07.3191 of CCleaner Cloud, effectively bundling malware that allowed them to collect data from infected machines.
The supply chain attack is estimated to have reached roughly 4 million users, but Avast, who acquired the software maker that develops CCleaner, said it managed to contain the threat before it could cause any harm.
It was discovered roughly a week ago, around the same time other cybersecurity firms like Cisco Talos started reporting the issue. Piriform has said Cloud users have received automatic updates, but regular version users should update manually according to the company.
Legitimate version of CCleaner distributed by Avast from Aug till Sep 2017 contained a multi-stage malware payload https://t.co/7NovQRh1OL
— Eugene Kaspersky (@e_kaspersky) September 18, 2017
What did hackers do to CCleaner?
On September 12, the makers of CCleaner detected some strange behavior coming from their own platform and traced the unusual occurrence to the installer of the system cleaning tool.
There, they found malware capable of gathering information including IP addresses, network adapters, active software, and more details from your computer and relaying them to a third-party server located in the United States.
According to Piriform, no other sensitive information was collected or transmitted, at least to the best of their knowledge. Although the implications of a remotely controlled malware are enough cause for concern, the idea that this came from the developers themselves seems more troublesome for security researchers.
The malicious code was implanted before the infected version was released to the public, leaving people exposed for roughly a month before its discovery. This incident suggests there is a possibility that the attack came from within, and nobody noticed for quite some time.
Security firms like Cisco Talos have highlighted the significance of the threat not so much for its infiltrating capabilities but more because of its massive range. CCleaner is a very popular tool, installed in more than 2 billion devices and growing at a rate of 5 million new users per week, according to Avast.
What should I do to stay safe?
If you are running desktop versions of the cleaning tool, first you need to clear out which one. If it is CCleaner Cloud then you are probably at the latest, safe version already since the software makers issued an automatic update in the hours leading to the threat announcement.
On the other hand, the standard version of CCleaner requires you to update manually (version 5.4), which you can do through the official website for the software. If you have the popular tool installed on your Android device, fear not. Avast has confirmed no mobile devices were affected by the malware attack.