Hackers were able to hide malware inside legitimate versions of CCleaner, a popular privacy and PC optimization tool that cleans cookies and junk files out of computers. CCleaner customers have been urged by the software maker to update their software to the most recent version available.
The malware was able to run undetected for nearly four weeks before it was independently discovered by two outside security companies, Morphisec and Cisco’s Talos, in September. In that time, infected versions of the security app were downloaded by at least 2.27 million users, according to Avast, a Czech security company that acquired CCleaner-maker Piriform earlier this year. CCleaner has been downloaded more than 2 billion times and is growing at a rate of 5 million extra users a week.
The tainted versions of the application, the 5.33.6162 version of CCleaner and the 1.07.3191 version of CCleaner Cloud, have since been removed and updated versions have been released. CCleaner Cloud users have received automated updates, and Piriform has been working to upgrade CCleaner users to version 5.34 or higher.
The malware appears to have been intended to send sensitive information from the affected computer back to the hacker’s servers, and to form a botnet. However, Piriform vice president Paul Yung sought to reassure users, announcing that “to the best of our knowledge, we were able to disarm the threat before it was able to do any harm”.
What makes this attack disconcerting is the fact that hackers were able to distribute their malware through trusted, signed versions of security software, thereby exploiting “the trust relationship between a manufacturer or supplier and a customer”, the Talos security team wrote in a blog post.
Avast and Piriform have announced that they are working with the federal government to determine how the breach occurred and who was behind it, according to USA TODAY.