Published on : Sep 19, 2017
CCleaner, a free software by Piriform Ltd., had been compromised last month, according to the British firm and independent researchers. Over a two million people downloaded the tainted edition of the program, which headed their computers to receive instructions from servers under the hacker’s command. The company has said it cut off communication to the hacker’s servers and worked with law enforcement before the detection of any malicious commands.
This came after the company’s parent Avast Software had been alerted of the hack by Morphisec Ltd. and Cisco Systems, Inc. last week. There were 130 million users of CCleaner at the time of the acquisition, said the company. Cisco Talos has pointed out that the August and September downloaded editions incorporated remote administration tools which sought to connect to sundry unregistered web pages, supposedly to download added unauthorized programs.
U.S. Server Shuts Down before Hackers Commit any Harm
Piriform had announced in a blog post that CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 released in August had been compromised. Users had been advised to download new editions of the two programs. CCleaner’s August edition was downloaded by 2.27 million users; however, the compromised edition of CCleaner Cloud had been installed by only 5,000 users. The company has said that its parent firm had discovered the hacks on September 12 and an uncompromised and a new edition of CCleaner was made available on the same day. On September 15, CCleaner Cloud’s clean edition had been released.
Cisco nor Morphisec have been credited by Piriform in its technical blogs or press releases. Instead, parent company Avast has been attributed for the still-unexplained compromise. Cisco saw nearly 200,000 attempts made to connect to the controlling web addresses after they were seized.