Have you downloaded this free Windows cleaning tool lately? It is one of the best programs out there for clearing out your browser cookies, trackers, internet history, download history, cache and individual browser session activity.
However, if you've downloaded or updated this version of the program recently, you may be unwittingly infecting your computer with malware.
Security researchers at Cisco Talos recently discovered that hackers broke into the download servers for the popular Windows cleaning tool CCleaner and modified the CCleaner software to distribute malware.
The modified version can send the infected computer's name, installed software and running applications to the attacker's server and, in turn, can install further malicious programs like ransomware or keyloggers.
“For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner,” revealed the Talos researchers.
How popular is CCleaner? According to its developer Piriform (owned by Avast), CCleaner has 2 billion downloads so far, with 5 million extra downloads per week.
According to the investigation, the hacked version with the malicious backdoor was available as far back as September 11 and may affect as many as 2.7 million users.
Piriform believes that the worst is now over and it was able to contain the attack before it harmed its users. The backdoor appears to affect anyone who downloaded or updated CCleaner between August 15 and September 12. The company said in a blog post that it detected suspicious activity on version 5.33.6162 of CCleaner and CCleaner Cloud version 1.07.3191 on 32-bit Windows systems.
How to ensure your CCleaner is safe
If you already have downloaded CCleaner, the company is encouraging you to roll back your system to a time before August 15 or to update to CCleaner version 5.34 or higher.
"The threat has now been resolved in the sense that the rogue server is down, other potential servers are out of the control of the attacker, and we’re moving all existing CCleaner v5.33.6162 users to the latest version," Piriform explained.
Although the attack seems to have been contained, it presents a troubling scenario for developers who built their software's reputation around the public goodwill and trust they've fostered through the years. By exploiting this trust, hackers can slip malware through commonly used software, eluding security defenses.
As the Talos team concluded: "This is a prime example of the extent that attackers are willing to go through in their attempt to distribute malware to organizations and individuals around the world.
"By exploiting the trust relationship between software vendors and the users of their software, attackers can benefit from users' inherent trust in the files and web servers used to distribute updates."