CCleaner, the popular file clean-up and performance optimization utility for Windows, has been hacked to spread malware to users of the 32-bit version. The breach was discovered by security researchers at Cisco Talos Group. They found that the hackers were able to inject the malware into the app by accessing the download servers used by the antivirus provider Avast (the parent company that owns CCleaner). “For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner,” writes the Talos team.
The malware allowed an infected system to be remotely controlled and collected data from your computer. “The compromise could cause the transmission of non-sensitive data (computer name, IP address, list of installed software, list of active software, list of network adapters) to a 3rd party computer server in the USA,” Piriform says in a statement issued on Monday.
The malware affects CCleaner version 5.33.6162 and CCleaner Cloud version 1.07.3191. According to Avast, about 2.27 million people ran the affected software. Luckily, the company is taking the necessary steps to correct the situation. In a blog post this morning, Piriform exec Paul Yung writes, “we’re moving all existing CCleaner v5.33.6162 users to the latest version. Users of CCleaner Cloud version 1.07.3191 have received an automatic update. In other words, to the best of our knowledge, we were able to disarm the threat before it was able to do any harm.”
Check Your Version of CCleaner
To determine the version of CCleaner you are currently running, simply launch the application and check the version number on the upper-left of the app, next to the logo. The current non-compromised version at the time of this writing is 5.34.6207.
If you haven’t run CCleaner in a while, you will probably get a message, similar to the one shown below, that alerts you to an available update.
Note that the Android version was not affected. Only the 32-bit version for Windows was compromised. If you’re running the 64-bit version, you should be fine – but it wouldn’t hurt to check for an update.
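For anyone checking many machines rather than one, the same version check can be run over a software inventory export. This is an added example, not code from the article or from Piriform; the CSV column names, host names and sample rows are assumptions made up for illustration.

```python
import csv
import io

# Builds the article names as carrying the malicious payload.
AFFECTED = {"ccleaner": (5, 33, 6162), "ccleaner cloud": (1, 7, 3191)}
# Clean CCleaner release current when the article was written.
FIXED_CCLEANER = (5, 34, 6207)
BITS_32 = {"x86", "32", "32-bit"}

# Constructed sample inventory; hosts, columns and rows are made up.
SAMPLE_INVENTORY = """host,product,version,arch
ws-01,CCleaner,5.33.6162,x86
ws-02,CCleaner,v5.33.6162,x64
ws-03,CCleaner Cloud,1.07.3191,x86
ws-04,CCleaner,5.34.6207,x86
ws-05,CCleaner,5.30.6000,x86
ws-06,CCleaner,unknown,x86
"""

def parse_version(text):
    """Turn '5.33.6162' or 'v1.07.3191' into a comparable tuple, else None."""
    try:
        return tuple(int(part) for part in text.strip().lstrip("vV").split("."))
    except ValueError:
        return None

def classify(product, version, arch):
    """Return 'compromised', 'update', 'ok' or 'unknown' for one install."""
    ver = parse_version(version)
    if ver is None:
        return "unknown"  # version not readable; check the host by hand
    name = product.strip().lower()
    if AFFECTED.get(name) == ver:
        # Per the article, only the 32-bit Windows build was compromised.
        return "compromised" if arch.strip().lower() in BITS_32 else "update"
    if name == "ccleaner" and ver < FIXED_CCLEANER:
        return "update"  # older than the clean release named in the article
    return "ok"

def triage(csv_text):
    """Classify every row of an inventory CSV as (host, status) pairs."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [(r["host"], classify(r["product"], r["version"], r["arch"])) for r in rows]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```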