Recent updates of CCleaner were packed with a backdoor threat
Even if you have never used it, there’s a good chance that you have heard of the CCleaner utility. CCleaner has been presented as the number one tool for cleaning your Windows machine. It protects your privacy and makes your computer faster and more secure.
Today, CCleaner developer Piriform confirmed that several recent versions of its well-known utility were compromised by a backdoor virus.
Piriform said that an unauthorized modification of the CCleaner.exe binary resulted in the injection of a two-stage backdoor virus. This allows the attacker to run code from a remote IP address on affected systems.
Piriform also said that the 32-bit versions of both CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 were affected. Malicious code was apparently inserted and hidden in the application’s initialization Common Runtime (CRT) code. CRT code is usually inserted by the compiler during compilation.
Once the backdoor was installed, it started collecting various private information, such as the IP and MAC addresses of the infected machine, installed applications, etc. The gathered information was then sent to a remote IP address.
According to Piriform, the threat has now been disabled, as they have managed to block the rogue server. Even though the threat has been disabled, consumers are advised to upgrade to the latest available version. The CCleaner Cloud application has already been updated automatically.
Piriform said that they’re still investigating the source of the attack. They have also confirmed that no harm was done prior to blocking the affected version.