Most security experts will tell you that only trusted sources should be used when downloading and installing software, but what happens when that trusted source is also hacked? Such is the case with a recent breach where CCleaner — a part of the Avast network of antivirus and anti-malware applications — was shown to have malicious code inserted into its core.
You might know of CCleaner. It’s a common application that helps users clean their registry and remove unnecessary files to speed up their computer. It isn’t an antivirus application like Avast, but it runs several checks on a Windows system to identify possible performance issues and registry entries that are no longer required by any of the installed software. After a recent release, it was confirmed that some of the 32-bit versions of CCleaner were listening for a connection from an application that could essentially take control of a user’s computer.
Luckily, the attack only targeted the 32-bit version of the cleaner, not the whole population of users running CCleaner across both its 32-bit and 64-bit versions, so only 2.27 million people were infected with malicious software. That is still a large number of people, and the attacker could have taken advantage of the malware to cause a more wide-ranging attack on the Internet.
What occurred — according to Piriform — was that an unauthorized change to the CCleaner.exe binary was shared with some users. Those users downloaded a backdoor that could allow a remote attacker to take control of the user’s computer by sending more malicious code. This kind of supply chain attack leveraged the trust between manufacturer and customer to silently install a malicious payload onto millions of machines.
Avast and CCleaner representatives have still not released the details of what happened to the security of their system, where the attack came from, or what they have done to secure the system going forward. As with any other attack, the organization needs time to clean up after the incident and then investigate. In the meantime, Piriform continues to work with law enforcement to find the security flaw in their system.
The developers quickly released an update that is free from malware. If you use CCleaner and downloaded desktop version 5.33.6162 and CCleaner Cloud version 1.07.3191, then you should go to Piriform’s site and download the latest updated version. If you’d like to read more about the attack and Piriform’s response to it, you can read here.