CCleaner is a pop application amongst over 2 billion downloads, created yesteryear Piriform in addition to lately acquired yesteryear Avast, that allows users to construct clean upward their arrangement to optimize in addition to heighten performance.
Security researchers from Cisco Talos discovered that the download servers used yesteryear Avast to allow users download the application were compromised yesteryear some unknown hackers, who replaced the master copy version of the software amongst the malicious i in addition to distributed it to millions of users for some a month.
This incident is nevertheless some other event of render chain attack. Earlier this year, update servers of a Ukrainian companionship called MeDoc were too compromised inward the same means to distribute the Petya ransomware, which wreaked havoc worldwide.
Avast in addition to Piriform accept both confirmed that the Windows 32-bit version of CCleaner v5.33.6162 in addition to CCleaner Cloud v1.07.3191 were affected yesteryear the malware.
Detected on xiii September, the malicious version of CCleaner contains a multi-stage malware payload that steals information from infected computers in addition to sends it to attacker's remote command-and-control servers.
"All of the collected information was encrypted in addition to encoded yesteryear base64 amongst a custom alphabet," says Paul Yung, V.P. of Products at Piriform. "The encoded information was later submitted to an external IP address 216.126.x.x (this address was hardcoded inward the payload, in addition to nosotros accept intentionally masked its final 2 octets here) via a HTTPS POST request."
The malicious software was programmed to collect a large number of user data, including:
- Computer name
- List of installed software, including Windows updates
- List of all running processes
- IP in addition to MAC addresses
- Additional information similar whether the procedure is running amongst admin privileges in addition to whether it is a 64-bit system.
How to Remove Malware From Your PC
According to the Talos researchers, some five meg people download CCleaner (or Crap Cleaner) each week, which indicates that to a greater extent than than xx Million people could accept been infected amongst the malicious version the app.
"The impact of this develop on could hold upward severe given the extremely high number of systems perhaps affected. CCleaner claims to accept over 2 billion downloads worldwide every bit of Nov 2016 in addition to is reportedly adding novel users at a charge per unit of measurement of five meg a week," Talos said.However, Piriform estimated that upward to iii pct of its users (up to 2.27 meg people) were affected yesteryear the malicious installation.
Affected users are strongly recommended to update their CCleaner software to version 5.34 or higher, inward guild to protect their computers from existence compromised. The latest version is available for download here.
