Piriform, the firm behind “CCleaner,” has announced that malware was distributed by the application for nearly one month.
It has been revealed that CCleaner, a popular application for file clean-up and performance optimization suffered a “security incident” last month, which resulted in malware being unknowingly distributed for four weeks.
Announced today in a blog post from the program’s developer, Piriform, 32-bit versions of CCleaner 5.33.6162 and CCleaner Cloud 1.07.3191 distributed malicious software, between August 15 and September 12. After being notified of the issue by Cisco Talos, the firm prevented any further downloads of these versions, while pushing out an automatic update to affected users.
Alongside a download of these versions of CCleaner, users unknowingly installed the software, which was slipped into the installer and distributed through official servers. The malware sent various encrypted information from affected PCs to attackers, including PC names, installed and running software, Windows updates and MAC addresses of network adapters.
These exploits also allowed affected PCs to be remotely controlled, with the capability to download and install additional binaries. However, it has been noted that execution of the second stage is yet to be seen, meaning no additional software should have installed to devices.
Piriform, the company behind CCleaner was acquired by Avast earlier this year – a security giant with products spanning security, privacy, and performance-enhancing applications. With 2 billion users and 5 million weekly installs for CCleaner alone, today’s news has a severe reach to millions of users. While it’s currently unknown how this incident occurred, Piriform has noted it’s investigating into the origin of the attack and taking action to prevent future incidents. In the meantime, the company recommends potentially affected users update to the latest version of the program as soon as possible.