CCleaner, a popular file clean-up tool run by the anti-virus company Avast, has been hit by nasty malware in its version for 32-bit Windows machines, which might affect more than 130 million users.
Users are advised to update their software immediately to avoid falling victim to the malware, after researchers discovered that criminal hackers had installed a backdoor in the tool.
The malware has affected the regular and cloud-based versions of CCleaner. The infected application can be used to download other malware, such as ransomware or keyloggers.
Security researchers at Cisco Talos were the first to spot the malicious code, on September 13, after CCleaner 5.33 triggered Talos's malware protection systems: "the executable in question was the installer for CCleaner v5.33, which was being delivered to endpoints by the legitimate CCleaner download servers."
According to the researchers, CCleaner has 2 billion downloads and gains a further 5 million every week, making the threat more severe than thought.
Talos' researchers published a blog post in which they compared this malware with the NotPetya ransomware that caused havoc around the world in June this year.
Piriform, CCleaner's UK-based developer, which was acquired by Avast in July, has sought to ease users' concerns. Paul Yung, vice president of Piriform, wrote in a post: "Based on further analysis, we found that the 5.33.6162 version of CCleaner and the 1.07.3191 version of CCleaner Cloud was illegally modified before it was released to the public, and we started an investigation process.
"The threat has now been resolved in the sense that the rogue server is down, other potential servers are out of the control of the attacker.
"Users of CCleaner Cloud version 1.07.3191 have received an automatic update. In other words, to the best of our knowledge, we were able to disarm the threat before it was able to do any harm."
Yung explains:
“At this stage, we don’t want to speculate how the unauthorized code appeared in the CCleaner software, where the attack originated from, how long it was being prepared and who stood behind it. The investigation is still ongoing ...
Again, we would like to apologize for any inconvenience this incident could have caused to our clients; we are taking detailed steps internally so that this does not happen again, and to ensure your security while using any of our Piriform products. Users of our cloud version have received an automated update. For all other users, if you have not already done so, we encourage you to update your CCleaner software to version 5.34 or higher, the latest version is available for download here.”
Updated versions of CCleaner and CCleaner Cloud have been released; users are advised to download the latest version of CCleaner.