Skip to Content
Security & privacy

Free Windows cleanup software puts millions of PCs at risk for hacks

Have you downloaded this free Windows cleaning tool lately? It is one of the best programs out there for clearing out your browser cookies, trackers, internet history, download history, cache and individual browser session activity.

However, if you’ve downloaded or updated this version of the program recently, you may be unwittingly infecting your computer with malware.

Security researchers at Cisco Talos recently discovered that the download servers for popular Windows cleaning tool CCleaner were broken into by hackers and they modified the CCleaner software to distribute malware.

The modified version can send the infected computer’s name, installed software and running applications to the attacker’s server and in turn, can install further malicious programs like ransomware or keyloggers.

“For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner,” revealed the Talos researchers.

How popular is CCleaner? According to its developer Piriform (owned by Avast), CCleaner has 2 billion downloads so far, with 5 million extra downloads per week.

According to the investigation, the hacked version with the malicious backdoor was available as far back as September 11 and may affect as much as 2.7 million users.

Piriform believes that the worst is now over and it was able to contain the attack before it harmed its users. The backdoor appears to affect anyone who downloaded or updated CCleaner between August 15 and September 12. The company said in a blog post that it detected suspicious activity on version 5.33.6162 of CCleaner and CCleaner Cloud version 1.07.3191 on 32-bit Windows systems.

How to ensure your CCleaner is safe

If you already have downloaded CCleaner, the company is encouraging you to roll back your system to a time before August 15 or to update to CCleaner version 5.34 or higher. Click here to make sure you’re getting the safe, updated version.

“The threat has now been resolved in the sense that the rogue server is down, other potential servers are out of the control of the attacker, and we’re moving all existing CCleaner v5.33.6162 users to the latest version,” Piriform explained.

Moving forward

Although the attack seems to have been contained, it presents a troubling scenario for developers who built their software’s reputation around the public goodwill and trust they’ve fostered through the years. By exploiting this trust, hackers can slip malware through commonly used software, eluding security defenses.

As the Talos team concluded – “This is a prime example of the extent that attackers are willing to go through in their attempt to distribute malware to organizations and individuals around the world.

“By exploiting the trust relationship between software vendors and the users of their software, attackers can benefit from users’ inherent trust in the files and web servers used to distribute updates.”

To read the detailed report about this attack, click here.

To read Piriform’s official statement, click here.

More from

Millions of gadgets infected by malware from malicious apps

Bluetooth vulnerability lets hackers take over your Apple, Samsung and Google devices in seconds

Don’t fall for fake “iPhone 8 giveaway” Facebook pages

Komando Community background

Join the Komando Community

Get even more know-how in the Komando Community! Here, you can enjoy The Kim Komando Show on your schedule, read Kim's eBooks for free, ask your tech questions in the Forum — and so much more.

Try it for 30 days