CCleaner is infected with malware – everything you need to know

CCleaner is Internet security software with more than 2 billion downloads. Attackers hijacked its latest version to distribute backdoored malware to users, and the infected version was used by 227 million people. If you downloaded or updated the CCleaner application from its website between August 15th and September 12th, your computer has been compromised! Here's what you need to know and how to deal with it:

What happened?

An unknown hacker group compromised the CCleaner infrastructure.

The attacker added malware to the 32-bit CCleaner version 5.33.6162 and the CCleaner Cloud version 1.07.3191.

The infected files affect users who downloaded CCleaner between August 15 and September 12 this year.

Who will be affected?

Every user who has downloaded and installed this infected version within the above period will be affected.

Avast estimates the number of affected devices at 2.27 million.

What does the malware do?

This malware, called Floxif, collects many types of data from infected computers, including the computer name, the list of installed software, the list of currently running processes, the MAC addresses of the first three network interfaces, and a unique ID identifying each computer, among other details.

The malware can also download and execute other malware, but Avast says it has not yet found evidence that an attacker has used this feature.

How to fix?

This malware is embedded into CCleaner’s executable file. Upgrade CCleaner to v5.34 to remove old executables and the malware. CCleaner does not automatically update, so users must manually download and install CCleaner 5.34.

Avast pointed out that CCleaner Cloud has already been updated for its users, so those users will not be affected. The current clean version of CCleaner Cloud is 1.07.3214.

What are the details?

This malware will only be executed when the user is using an administrator account. If you use a low-privilege account to install CCleaner 5.33, it will not be affected. Even so, we recommend that you update to version 5.34.
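
For anyone checking more than one machine, the version and privilege details above can be turned into a triage pass over a software inventory. This is an added example, not code from Avast or from the original article; the CSV layout, the host names, the x86/x64 arch labels and the status names are assumptions made for the example.

```python
import csv, io

# Builds exactly as named in the article; tuples are parsed dotted versions.
AFFECTED = {"ccleaner": (5, 33, 6162), "ccleaner cloud": (1, 7, 3191)}
CLEAN = {"ccleaner": (5, 34), "ccleaner cloud": (1, 7, 3214)}

def parse_version(text):
    """'v5.34' -> (5, 34); '1.07.3191' -> (1, 7, 3191). Raises ValueError on junk."""
    return tuple(int(part) for part in text.strip().lstrip("vV").split("."))

def triage(product, version, arch, admin):
    """Classify one inventory row (field names are assumptions of this example)."""
    key = product.strip().lower()
    if key not in AFFECTED:
        return "NOT_APPLICABLE"
    try:
        ver = parse_version(version)
    except ValueError:
        return "UNKNOWN_VERSION"
    if ver >= CLEAN[key]:
        return "CLEAN"
    # The article lists only the 32-bit desktop build as carrying the malware.
    listed = ver == AFFECTED[key] and (key != "ccleaner" or arch.strip() == "x86")
    if not listed:
        return "UPDATE"  # older than the clean build, but not a listed build
    # Per the article, the payload runs only under an administrator account.
    return "AFFECTED" if admin else "AFFECTED_NOT_EXECUTED"

# Constructed sample inventory (hosts and rows are made up for the example).
SAMPLE = """host,product,version,arch,admin
ws-01,CCleaner,5.33.6162,x86,yes
ws-02,CCleaner,5.33.6162,x86,no
ws-03,CCleaner,5.33.6162,x64,yes
ws-04,CCleaner,v5.34,x86,yes
ws-05,CCleaner Cloud,1.07.3191,x86,yes
ws-06,CCleaner Cloud,1.07.3214,x86,yes
ws-07,CCleaner,5.3x,x86,yes
"""

def triage_inventory(csv_text):
    """Return {host: status} for every row of a CSV export."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: triage(r["product"], r["version"], r["arch"],
                              r["admin"].strip().lower() == "yes") for r in rows}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as AFFECTED_NOT_EXECUTED or UPDATE still need the upgrade to 5.34 described above.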

Why can anti-virus software not find this infection?

The malware was included in a CCleaner binary that carries a valid digital certificate signature.

Note: you can read the CCleaner malware analysis here.