Jump to content
Login new information ×
Login new information
Donations campaign phase one 2024

Hackers compromised free CCleaner software

Petrovic

By Petrovic
in Security & Privacy News

Recommended Posts

Petrovic

Petrovic

Posted
Posted

Hackers broke into British company Piriform’s free software for optimizing computer performance last month potentially allowing them to control the devices of more than two million users, the company and independent researchers said on Monday.

 

The malicious program was slipped into legitimate software called CCleaner, which is downloaded for personal computers and Android phones as often as five million times a week. It cleans up junk programs and advertising cookies to speed up devices.

 

CCleaner is the main product made by London’s Piriform, which was bought in July by Prague-based Avast, one of the world’s largest computer security vendors. At the time of the acquisition, the company said 130 million people used CCleaner.

 

A version of CCleaner downloaded in August included remote administration tools that tried to connect to several unregistered web pages, presumably to download additional unauthorized programs, security researchers at Cisco’s (CSCO.O) Talos unit said.

 

Talos researcher Craig Williams said it was a sophisticated attack because it penetrated an established and trusted supplier in a manner similar to June’s “NotPetya” attack on companies that downloaded infected Ukrainian accounting software.

 

“There is nothing a user could have noticed,” Williams said, noting that the optimization software had a proper digital certificate, which means that other computers automatically trust the program.

 

In a blog post, Piriform confirmed that two programs released in August were compromised. It advised users of CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 to download new versions. A spokeswoman said that 2.27 million users had downloaded the August version of CCleaner while only 5,000 users had installed the compromised version of CCleaner Cloud.

 

Piriform said that Avast, its new parent company, had uncovered the attacks on Sept. 12. A new, uncompromised version of CCleaner was released the same day and a clean version of CCleaner Cloud was released on Sept. 15, it said.

 

The nature of the attack code suggests that the hacker won access to a machine used to create CCleaner, Williams said.

CCleaner does not update automatically, so each person who has installed the problematic version will need to delete it and install a fresh version, he said.

Williams said that Talos detected the issue at an early stage, when the hackers appeared to be collecting information from infected machines, rather than forcing them to install new programs.

 

Piriform said it had worked with U.S. law enforcement to shut down a server located in the United States to which traffic was set to be directed.

It said the server was closed down on Sept. 15 “before any known harm was done”.

Source

Link to comment
Share on other sites
  • Replies 57
  • Views 7.7k
  • Created
  • Last Reply
knowledge-Spammer

knowledge-Spammer

Posted
Posted
7 hours ago, 0bin said:

I think Avast don't want ruin this investment, and give some liberty to Piriform.

the good thing is if people download from my posts u not have this problems :) i make sure no bad code in my versions

but now ccleaner have updated maybe things changed inside the program  ? ill have a look soon

Link to comment
Share on other sites
knowledge-Spammer

knowledge-Spammer

Posted
Posted

i see this This version was signed using a valid certificate that was issued to Piriform Ltd by Symantec

Symantec  :o

Link to comment
Share on other sites
knowledge-Spammer

knowledge-Spammer

Posted
Posted

i just look at newer version it have changed and added new files inside

i can make my version like i did but it seems now on 32bit exe more av flag my exe now with 3 avs

 

but as more then one av flags it maybe its best i not post for ccleaner nomore as maybe people will say i give virus or somethings like that

its a shame as its just the 32bit exe  not 64bit  and its not  ClamAV

https://image.ibb.co/iKdmM5/CpWz_033.png

 

Link to comment
Share on other sites
steven36

steven36

Posted
Posted

Scary stuff , from what I get here it was only the 32 bit version that was compromised .

 

Quote

Posted Today, 02:12 AM

Announcement: Security Notification for CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 for 32-bit Windows users

We recently determined that older versions of our Piriform CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 had been compromised. We resolved this quickly and believe no harm was done to any of our users. This compromise only affected customers with the 32-bit version of the v5.33.6162 of CCleaner and the v1.07.3191 of CCleaner Cloud. No other Piriform or CCleaner products were affected. We encourage all users of the 32-bit version of CCleaner v5.33.6162 to download v5.34 here: download. We apologize and are taking extra measures to ensure this does not happen again.

 

Issue Summary: Our new parent company, the security company Avast, determined on the 12th of September that the 32-bit version of our CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 products, which may have been used by up to 3% of our users, had been compromised in a sophisticated manner. Piriform CCleaner v5.33.6162 was released on the 15th of August, and a regularly scheduled update to CCleaner, without compromised code, was released on the 12th of September. CCleaner Cloud v1.07.3191 was released on the 24th of August, and updated with a version without compromised code on September 15. The compromise could cause the transmission of non-sensitive data (computer name, IP address, list of installed software, list of active software, list of network adapters) to a 3rd party computer server in the USA. We have no indications that any other data has been sent to the server. Working with US law enforcement, we caused this server to be shut down on the 15th of September before any known harm was done. It would have been an impediment to the law enforcement agency’s investigation to have gone public with this before the server was disabled and we completed our initial assessment. Between the 12th and the 15th, we took immediate action to make sure that our Piriform CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 users were safe—we worked with download sites to remove CCleaner v5.33.6162, we pushed out a notification to update CCleaner users from v5.33.6162 to v5.34, we automatically updated CCleaner Cloud users from v1.07.3191 to 1.07.3214, and for users using Avast Antivirus, they received an automatic update.

 

We are continuing to investigate how this compromise happened, who did it, and why. We are working with US law enforcement in their investigation. A more technical description of the issue is on our Piriform blog at: www.piriform.com/news/blog. Again, we sincerely apologize for this and are committed to making sure nothing similar happens again. We encourage any user of the 32-bit version of CCleaner v5.33.6162 to download the latest version of Piriform CCleaner found here: www.piriform.com/ccleaner/download/standard.

  

https://forum.piriform.com/index.php?s=82dc16100de70b7bf894195733870766&showtopic=48869


 

Link to comment
Share on other sites
sam3971

sam3971

Posted
Posted

That is kinda silly if it only affected the 32bit version. I was running this edition on x64 but did not notice anything.

Link to comment
Share on other sites
HJSC

HJSC

Posted
Posted

If only the 32 bit version executable has been affected, then only one update is sufficient to resolve the said problem? Incidentally, only the free version of CCleaner has been affected, right? Thankfully I migrated some time ago for the Tech Edition.

 

Well, I still have the slim version of ccleaner 5.33.6162, and this is the result of the analysis on the virus total:

Spoiler

Fuxm.png

 

Link to comment
Share on other sites
knowledge-Spammer

knowledge-Spammer

Posted
Posted
8 hours ago, HJSC said:

If only the 32 bit version executable has been affected, then only one update is sufficient to resolve the said problem? Incidentally, only the free version of CCleaner has been affected, right? Thankfully I migrated some time ago for the Tech Edition.

 

Well, I still have the slim version of ccleaner 5.33.6162, and this is the result of the analysis on the virus total:

  Hide contents

Fuxm.png

 

can u post this version i wait to see it as its real virus inside it i think

i tryed to download from http://www.piriform.com/ccleaner/download/slim/downloadfile

but cant

Link to comment
Share on other sites
Recruit

Recruit

Posted
Posted

Ccleaner 5.33.6162 All Versions : for our " security experts " : I need a good laugh ! :tehe:   I haven't included my bro @knowledge here !

 

Hope Mr. SysAdmin will not be late....:P

 

Site: https://www.upload.ee
Sharecode[?]: /files/7471006/CCleaner_5.33.6162.rar.html

 

Site: https://www.mirrorcreator.com
Sharecode[?]: /files/ZO0GZBID/CCleaner_5.33.6162.rar_links

 

NgjtHzs.png

Link to comment
Share on other sites
Recruit

Recruit

Posted
Posted

Oh yeah : Avast investigated the incident but their engine doesn't recognize the threat : :rofl::lmao:

 

0pYvbAA.png

Link to comment
Share on other sites
Pete 12

Pete 12

Posted
Posted

Dont let them ( bad guys ) make you crazy Master Knowledge , and ,please,  keep making your nice-looking CCleaner-versions , everytime when a new version comes out.................!!      :D:D

Link to comment
Share on other sites
Iznogoud

Iznogoud

Posted
Posted

Current version of CCleaner is 5.34, I installed over version 5.33 (which i was installed from ccsetup533.exe setup). Is my PC (win 10 x64) infected?

ESET do not report anything.

Link to comment
Share on other sites
HJSC

HJSC

Posted
Posted

Well, now I feel more relieved, since I installed the 5.33.6162 version in the middle of the month of August. However, I downloaded 5.34.6207 versions on September 12th.

 

Link to comment
Share on other sites
Cat'

Cat'

Posted
Posted

this is the application that has most met the needs of cleaning temporary files, time use the slim version that has similar functions !. Effective the recommended program.

Link to comment
Share on other sites
BALTAGY

BALTAGY

Posted
Posted
4 hours ago, Recruit said:

Oh yeah : Avast investigated the incident but their engine doesn't recognize the threat : :rofl::lmao:

 

0pYvbAA.png

This is the hash that should be detected you will find it here>>

 

and still Avast don't detect it lol :lmao:

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...