CCleaner is a well-known tool for optimizing and enhancing PC performance, with more than 2 billion downloads worldwide. Avast recently bought the software from Piriform. If you updated CCleaner between August 15 and September 12, you are in deep trouble.
A security research team from Cisco Talos discovered the new threat. They revealed that hackers compromised the distribution server used by Avast and replaced the real CCleaner software with a malicious version. The malicious version was distributed for nearly one month. As a result, it has already reached millions of users and infected their computers.
This type of attack is called a supply chain attack, and hackers are using the method more and more. In it, hackers use a company's own server to distribute their malware. The Petya ransomware was also distributed this way. Petya wreaked havoc worldwide, and we can only hope that the same thing doesn’t happen with CCleaner.
Avast and Piriform both publicly admitted that the Windows 32-bit version of CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 were affected. The malware gathers data from your computer and sends it to the hackers' private server.
The malware collects your computer's name, the list of installed software, IP and MAC addresses, and other sensitive information.
“All of the collected information was encrypted and encoded by base64 with a custom alphabet,” says Paul Yung, V.P. of Products at Piriform. “The encoded information was subsequently submitted to an external IP address 216.126.x.x (this address was hardcoded in the payload, and we have intentionally masked its last two octets here) via a HTTPS POST request.”
The infected CCleaner app possibly affected 20 million people, but Piriform claims that the software reached only 3 million people.
“The impact of this attack could be severe given the extremely high number of systems possibly affected. CCleaner claims to have over 2 billion downloads worldwide as of November 2016 and is reportedly adding new users at a rate of 5 million a week,” Talos said.
How To Fix This Issue
You can update your software from the official site to remove the malware. Upgrade it to version 5.34 or higher to protect your computer. You can also format your computer if you want to be completely sure.
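To find which machines still carry one of the builds named above, a software inventory can be sorted by product, version and architecture. The script below is an added example, not code from Avast, Piriform or Talos; the record layout, the status labels and the handling of four-part version strings are assumptions made for the illustration.

```python
import re

# Builds named in the article. Product labels, arch strings and the record
# layout are assumptions made for this example; arch is the installed binary's.
AFFECTED = {
    "ccleaner": ((5, 33, 6162), "x86"),      # Windows 32-bit build only
    "ccleaner cloud": ((1, 7, 3191), None),  # article gives no architecture
}
FIXED_CCLEANER = (5, 34)                     # "version 5.34 or higher"

def parse_version(text):
    """'v5.33.6162' or a four-part '5.33.0.6162' -> (major, minor, build)."""
    nums = [int(n) for n in re.findall(r"\d+", text)]
    if len(nums) < 3:
        raise ValueError(f"need major.minor.build, got {text!r}")
    return nums[0], nums[1], nums[-1]

def classify(record):
    product = record["product"].strip().lower()
    if product not in AFFECTED:
        return "not-listed"
    try:
        version = parse_version(record["version"])
    except ValueError:
        return "review"                      # unreadable version: check by hand
    bad_version, bad_arch = AFFECTED[product]
    if version == bad_version:
        arch = record.get("arch", "").lower()
        if bad_arch is None or arch == bad_arch:
            return "affected"
        return "review" if not arch else "other-build"
    if product == "ccleaner" and version[:2] >= FIXED_CCLEANER:
        return "at-or-above-fix"
    return "other-build"

def triage(rows):
    return {row["host"]: classify(row) for row in rows}

# Constructed inventory rows, not real hosts or real build numbers beyond the two above.
INVENTORY = [
    {"host": "ws-01", "product": "CCleaner", "version": "v5.33.6162", "arch": "x86"},
    {"host": "ws-02", "product": "CCleaner", "version": "5.33.0.6162", "arch": "x64"},
    {"host": "ws-03", "product": "CCleaner", "version": "5.34.1000", "arch": "x86"},
    {"host": "ws-04", "product": "CCleaner Cloud", "version": "1.07.3191"},
    {"host": "ws-05", "product": "CCleaner", "version": "5.33.6162"},
    {"host": "ws-06", "product": "CCleaner", "version": "5.4"},
]

print(triage(INVENTORY))
```

A host reported as "at-or-above-fix" may still have run the affected build before it was upgraded, so the inventory answers what is installed now, not what was installed during the distribution window.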
Also published on Medium.