Recent versions of utility program CCleaner shipped with a hidden backdoor
If you use the popular utility program CCleaner to clean and optimize your PC, you’d better make sure to update to the latest version of the program. Today, developer Piriform has acknowledged that recent versions of CCleaner and CCleaner Cloud have been compromised with a hidden backdoor, though the company says that it has since disarmed the threat (via Windows Central).
According to Piriform, the security incident affected version 5.33.6162 of CCleaner and version 1.07.3191 of CCleaner Cloud on 32-bit Windows systems. “An unauthorized modification of the CCleaner.exe binary resulted in an insertion of a two-stage backdoor capable of running code received from a remote IP address on affected systems,” explained the company in a blog post. “The suspicious code was hidden in the application’s initialization code called CRT (Common Runtime) that is normally inserted during compilation by the compiler.”
Once the compromised version of the PC cleaning software was installed on a 32-bit Windows PC, the app was able to collect private information such as the list of installed software, IP and MAC addresses and more, and send it to an external IP address. “The threat has now been resolved in the sense that the rogue server is down, other potential servers are out of the control of the attacker, and we’re moving all existing CCleaner v5.33.6162 users to the latest version. Users of CCleaner Cloud version 1.07.3191 have received an automatic update,” explained the company.
Piriform says that it’s still investigating where the attack came from, and the company sent a reassuring message. “To the best of our knowledge, we were able to disarm the threat before it was able to do any harm,” the blog post reads. However, security researchers from Cisco Talos who discovered the backdoor say that a vast number of machines may have been at risk. “The impact of this attack could be severe given the extremely high number of systems possibly affected, explained the researchers. “CCleaner claims to have over 2 billion downloads worldwide as of November 2016 and is reportedly adding new users at a rate of 5 million a week.” Again, make sure to update to the latest version of CCleaner as soon as possible.Further reading: CCleaner, Malware, Security, Windows