If you use CCleaner for Windows by Avast (as I do) you should check what version you are running and immediately update or remove the software; researchers at Cisco's Talos unit and Morphisec have discovered that criminals managed to install a backdoor in the popular clean-up-your-computer tool, that, according to its maker, has been downloaded 2 billion times.

The infected versions are CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191, and you may have the former version if you installed the application between August 15th and September 12th of this year, as approximately 2.3 million people did. The infected software allows criminals to collect data from, and install malware onto, computers running it, which means that anyone running the app could be in for a nasty surprise if they do not get rid of it. The nature of this compromise - getting a backdoor into maintenance software - strongly suggests that criminals managed to gain access to a machine used in the process of producing the CCleaner application.

Piriform, the unit of anti-virus giant, Avast, that makes CCleaner, said that it has worked with law enforcement to shut down a server to which traffic from the infected app was being sent. Interestingly, that server was located within the United States. The firm believes that criminals were stealing data from infected computers, but had not yet used the infected software to install additional malware.

If you are running CCleaner you should update it to the latest version (5.34); CCleaner does not auto-update. Users of the infected version of CCleaner Cloud received an automated update and Piriform believes that in the case of the cloud version, it was "able to disarm the threat before it was able to do any harm."

Note to criminals: I was not using version 5.33.6162.

Published on: Sep 18, 2017