Hackers recently managed to hide malware in an update to the popular security application CCleaner, which was distributed to millions of users. According to developer Piriform, the hack affected CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 for 32-bit Windows users. CCleaner users are urged to update immediately.
Piriform’s parent company Avast claims that 2.27 million people used the affected software. However, the company’s statement is also quick to note: “We resolved this quickly and believe no harm was done to any of our users.”
A report from researchers at Cisco Talos noted the infected update was issued from Aug. 15 to Sept. 12, when a newer update was released. The researchers claim they notified Avast of its findings on Sept. 13.
Piriform bills CCleaner as “the world’s most popular PC cleaner and optimization tool,” though there also versions of the software for Mac and Android. Ironically, the software is designed to protect a computer by deleting unwanted and invalid files from a computer. Overall, CCleaner has been downloaded more than 2 billion times worldwide.
Avast CTO Ondrej Vlcek told Forbes that though the number of those affected is large, there’s no reason for users to panic. Vlcek said the malware “was prep for something bigger, but it was stopped before the attacker got the chance.” He also said another third party — not Cisco Talos — was the first to notify Avast.
The Forbes report noted the company may be downplaying the threat from the hack, and a quote from Virus Bulletin’s Martijn Grooten expressed concern. However, Grooten also noted in a tweet that “There is no evidence of anything bad actually having happened.”
Mind you, I'm not saying what Piriform is saying is untrue. There is no evidence of anything bad actually having happened. https://t.co/VHmD3B1nVu
— Martijn Grooten (@martijn_grooten) September 18, 2017
Again, if you’re a CCleaner user, update your software immediately. Though it appears that users may have dodged a bullet in this particular hack, it’s a good idea to stay informed by reading any CCleaner news updates over the coming weeks, as more important details may be revealed.