CCleaner August Versions (v5.33.6162) Injected, Compromised

Hackers broke into British company Piriform Ltd’s free software that optimizes computer performance last month, potentially allowing them to control the devices of millions of users, the company and independent researchers said on Monday.

More than 2 million people downloaded tainted versions of Piriform’s program, which then directed the computers to get instructions from servers under the hacker’s control, Piriform said.

In a blog post, Piriform confirmed that two programs released in August were compromised. It advised users of CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 to download new versions. A spokeswoman said that 2.27 million users had downloaded the August version of CCleaner while only 5,000 users had installed the compromised version of CCleaner Cloud.

Piriform said that Avast, its new parent company, had uncovered the attacks on Sept. 12. A new, uncompromised version of CCleaner was released the same day and a clean version of CCleaner Cloud was released on Sept. 15, it said.

Source: http://www.reuters.com/article/us-s...r-software-avasts-piriform-says-idUSKCN1BT0R9


32-Bit version (v5.33.6162) looks to be the compromised one.
 
http://www.tomshardware.com/news/avast-ccleaner-malware-incident-details,35487.html
It was MorphiSec, which sells endpoint security solutions to enterprise customers, that first learned about the CCleaner malware on August 20 -- not Avast itself. On September 12, MorphiSec notified Avast and Cisco about the malware and both started their own investigations. Avast also contacted law enforcement on the same day.

On September 14, Cisco’s Talos Intelligence division told Avast about its own findings regarding the malware. On September 15, law enforcement was able to shut down the attackers’ command and control servers, and Avast released CCleaner version 5.34, which no longer contained the malware. On September 18, both Piriform and Cisco’s Talos division made the announcement about the incident.
How awesome!
 
If you're running Windows 10, there's no need to use anything like this to free up space since Windows does it.

Sorry to say, but you are wrong.

Windows, whatever version, be it Windows 10 (or earlier), does not free up space on its own. Windows does not have a built-in cleaner. You have to install software like CCleaner etc, to free up space, like temporary files, browser data, etc. If you don't, that stuff will just keep on piling up.

Apart from CCleaner, yes, BleachBit is a good open source alternative. Privazer is also quite popular these days.

CCleaner is quite a safe cleaner though, even in the hands of a general user. It's really unfortunate that this recent incident happened with CCleaner.

Avast recently acquired Piriform, and considering they are a security company, this should have been handled more nicely. There is confusion among users (I had it too) about whether uninstalling CCleaner or updating it to the recent version will remove the malware or not. Piriform should have provided all this in detail, and users shouldn't have to search for this and read it from other sites. Anyways, here is a helpful article:

https://www.bleepingcomputer.com/ho...dent-what-you-need-to-know-and-how-to-remove/
 
The Floxif malware appears to infect only 32-bit Windows systems, and most PCs sold in the last 5 years run 64-bit Windows.

https://www.tomsguide.com/us/ccleaner-utility-malware-infected,news-25851.html

==========================================================================
Anyhow, I was not infected because I couldn't find the Agomo folder in regedit, which the Floxif malware creates. If someone is infected, then just updating CCleaner will not be enough; you may need to follow the steps mentioned here
 
Anyhow, I was not infected because I couldn't find the Agomo folder in regedit, which the Floxif malware creates. If someone is infected, then just updating CCleaner will not be enough; you may need to follow the steps mentioned here

There is nothing of significance in the link shared above. The only purpose I noticed is to advertise the SpyHunter software. General users will get confused with the above link, and it will only make things worse for them.

The bleeping computer link contains accurate information.

BTW, CCleaner 5.35 with new digital signature has been released and is available for download. The slim version without any bundled software, or the portable version is recommended.

http://www.piriform.com/ccleaner/builds
 
To check if the computer is infected, look here:

https://www.bleepingcomputer.com/ho...dent-what-you-need-to-know-and-how-to-remove/

BleepingComputer have released a detailed article on how to remove it in case your computer is infected.

https://www.bleepingcomputer.com/virus-removal/remove-floxif-ccleaner-trojan#self-help

BTW, there is an article on Ghacks, that says that a second payload has been discovered for the malware. That's bad news :/

https://www.ghacks.net/2017/09/21/ccleaner-malware-second-payload-discovered/

Reading the above article, it seems that a system restore to a previous restore point isn't enough, and a reinstall of Windows, or restoring from an earlier backup image, is required.
 