Security Alert: Supply Chain Attack Nabs CCleaner

Researchers at Cisco Talos discovered that the 32-bit version of CCleaner (v5.33.6162, along with CCleaner Cloud v1.07.3191) was compromised using the app’s v5.33 installer.

According to the Graham Cluley post, once a user downloaded and installed the tainted version, the malware would determine whether the user had admin rights and then proceed to steal data, sending it to the hacker’s server.

Security firm KnowBe4 reported that Avast estimated that over two million users ran the compromised version.

Of great concern is that the app had a valid digital certificate issued to the software’s developer.

CCleaner is a popular utility from Piriform, which was purchased by the anti-virus maker Avast a few months ago, and is used by millions around the globe.

In fact, CCleaner recently boasted that the app had over two billion downloads and is adding about five million new users per week.

At this time, it is unclear who the hackers were or how they infiltrated the popular app. Cisco researchers speculate that the attackers compromised a portion of the development or build environment and injected their malicious code there.

Targeted information:

  • Name of the computer
  • List of installed software, including Windows updates
  • List of running processes
  • MAC addresses
  • Process running with administrator privileges
  • 32-bit or 64-bit system

Anyone using the 32-bit version of CCleaner should find out whether they’re running v5.33.6162 and, if so, update it immediately. It is very important that users of the free version update their software manually, since automatic updates are not available.

 
