Hackers have used CCleaner, a popular Windows tool with more than two billion downloads, to distribute malware. However, only the 32-bit version of the program was affected. An update is available.
Hackers compromised CCleaner v5.33.6162 and CCleaner Cloud version 1.07.3191. Piriform, the vendor, announced this in a blog post. According to Paul Yung, Piriform's VP of Products, the company detected suspicious activity on September 12, 2017, in which an unknown IP address received data from CCleaner and CCleaner Cloud on 32-bit Windows systems. Piriform had published the contaminated CCleaner versions a month earlier.
Through further analysis, Piriform concluded that the program files had been modified. The company also notified the authorities immediately. The risk to users of the infected versions was reduced because the server to which the data was sent could be shut down. Other potential target servers were also removed from the hackers' control. According to the current state of the investigation, the danger was countered before users suffered any damage, Yung continued.
According to Piriform, the attackers modified the binary file CCleaner.exe and thereby implemented a two-stage backdoor intended to execute code received from an external IP address. The suspicious code was hidden in the initialization code of the CRT (Common Runtime), which the compiler normally adds at build time.
As a result, a lot of information about the infected computer was collected, including its name, the list of installed programs and Windows updates, the list of running processes, MAC addresses, whether the computer is running with administrative permissions, and whether it is a 64-bit system.
Yung does not want to comment on speculation about how the code got into the company's software, how this was done, and who could be behind it. He refers to the ongoing investigation. Experts from the Avast Threat Lab are also involved in this investigation. Security vendor Avast had acquired Piriform in July.
According to Piriform, CCleaner has so far been downloaded over two billion times. The fixed version 5.34 and higher is already available for download. Users of CCleaner Cloud version 1.07.3191 have already received an automatic update.
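
For triage, the two properties the article gives for the affected desktop build (32-bit, v5.33.6162) can be read straight from a `CCleaner.exe` image. The sketch below is an example added here, not Piriform or Avast tooling. It assumes the version resource stores the release as major 5, minor 33, build 6162; the `sample` helper and its images are constructed test data.

```python
import struct

I386 = 0x014C                            # IMAGE_FILE_MACHINE_I386 (32-bit x86)
FFI_SIG = struct.pack("<I", 0xFEEF04BD)  # VS_FIXEDFILEINFO signature
AFFECTED = (5, 33, 6162)                 # v5.33.6162, as named in the article


def pe_machine(data):
    """Return the COFF Machine field, or None if data is not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (off,) = struct.unpack_from("<I", data, 0x3C)   # e_lfanew
    if off + 6 > len(data) or data[off:off + 4] != b"PE\0\0":
        return None
    return struct.unpack_from("<H", data, off + 4)[0]


def file_version(data):
    """Return (major, minor, patch, build) from VS_FIXEDFILEINFO, or None."""
    pos = data.find(FFI_SIG)
    if pos < 0 or pos + 16 > len(data):
        return None
    ms, ls = struct.unpack_from("<II", data, pos + 8)  # dwFileVersionMS/LS
    return (ms >> 16, ms & 0xFFFF, ls >> 16, ls & 0xFFFF)


def is_affected(data):
    """True only for a 32-bit image whose version is 5.33 build 6162."""
    ver = file_version(data)
    if pe_machine(data) != I386 or ver is None:
        return False
    return (ver[0], ver[1], ver[3]) == AFFECTED


def sample(machine, ver):
    """Constructed test image: minimal MZ/PE headers plus a version record."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    pe = b"PE\0\0" + struct.pack("<H", machine) + b"\0" * 18
    ffi = FFI_SIG + struct.pack("<III", 0x10000, ver[0] << 16 | ver[1],
                                ver[2] << 16 | ver[3])
    return dos + pe + b"\0" * 32 + ffi


if __name__ == "__main__":
    for name, img in [("5.33 x86", sample(I386, (5, 33, 0, 6162))),
                      ("5.33 x64", sample(0x8664, (5, 33, 0, 6162))),
                      ("5.34 x86", sample(I386, (5, 34, 0, 6200)))]:
        print(name, "affected" if is_affected(img) else "not flagged")
```

A match only identifies the affected release; a host that ran it should be treated as having sent the system data listed above, and updated to 5.34 or later.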