Hackers have hijacked the popular Windows app CCleaner by injecting malware into the program, resulting in 2.3 million infected computers.
Users who have CCleaner installed on their PCs are strongly advised to update the app to its latest version, as failure to do so could lead to greater cybersecurity risks.
CCleaner Malware Discovered
CCleaner, which had 2 billion downloads and 5 million desktop installations per week as of November 2016, has grown into trusted software for system maintenance and optimization, capable of removing unnecessary data from computers with a few clicks. However, it is also a prime target for hackers, who were able to compromise one version of the program.
The threat was discovered by Cisco Talos, which wrote in its blog post detailing the incident that CCleaner suddenly started triggering its advanced malware protection systems. Upon further investigation, the cybersecurity firm found that CCleaner version 5.33 as well as CCleaner Cloud version 1.07 hosted a backdoor that would allow hackers to distribute additional malware to infected computers.
One of the biggest problems with the incident is that the compromised versions of CCleaner were not distributed through third-party sources but were instead downloaded from the app's official website. The infected CCleaner apps were distributed on the website from Aug. 15 until Sept. 11, as version 5.34, which was released on Sept. 12, did not contain the malicious payload.
CCleaner: Should You Panic?
Piriform, the owner of CCleaner, tried to ease the concerns of the app's users. In a blog post, the company's VP of product, Paul Yung, said that an investigation has been launched into how the CCleaner versions were compromised before they were released to the public, but that in the meantime, the company has already disarmed the threat before it did any significant damage.
The malware distributed through CCleaner sends information about the infected computers, including their names, installed programs, and running processes, back to the hackers' server. However, it appears that the malware was just the first phase of a larger attack that will never come.
Ondrej Vlcek, the chief technology officer of Avast, which owns Piriform, said that while the company is not downplaying the seriousness of the incident, users should not panic over the CCleaner malware. Users should be protected from the second stage of the attack as long as they install the software's update, which is automatic for paid versions but requires manual installation for free versions.
The bigger questions, however, are who is behind the malware that was injected into CCleaner and how they did it. Even bigger than that is the question of which software we can trust now when even the popular ones are in danger of being compromised.