Hackers compromise CCleaner software

19 Sep 2017

Hackers broke into UK company Piriform Ltd's free software last month. According to the company and independent experts, the breach could allow hackers to control the devices of millions of users. Over 2 million people downloaded compromised versions of Piriform's program, which then directed the users' devices to get instructions from servers under the hackers' control, Piriform said. Piriform said that, working with law enforcement, it cut off communication to the servers before any malicious commands were detected. The move comes after security researchers at Cisco Systems Inc and Morphisec Ltd alerted Piriform's parent Avast Software to the hack last week.

The malicious program was bundled into legitimate software called CCleaner, which removes junk programs and advertising cookies to speed up devices. CCleaner was acquired in July by Prague-based Avast, one of the world's largest computer security vendors.

According to security researchers at Cisco's Talos unit, a CCleaner version downloaded in August and September included remote administration tools that tried to connect to several unregistered web pages, presumably to download additional unauthorised programs.

According to Talos researcher Craig Williams, it was a sophisticated attack because it penetrated an established and trusted supplier in a manner similar to June's "NotPetya" attack on companies that downloaded infected Ukrainian accounting software (See: Crime group behind "Petya" ransomware re-emerges to distance itself from global cyberattacks this week).

Meanwhile, Piriform said in a blog on its website, "We would like to apologize for a security incident that we have recently found in CCleaner version 5.33.6162 and CCleaner Cloud version 1.07.3191. A suspicious activity was identified on September 12th, 2017, where we saw an unknown IP address receiving data from software found in version 5.33.6162 of CCleaner, and CCleaner Cloud version 1.07.3191, on 32-bit Windows systems. Based on further analysis, we found that the 5.33.6162 version of CCleaner and the 1.07.3191 version of CCleaner Cloud was illegally modified before it was released to the public, and we started an investigation process. We also immediately contacted law enforcement units and worked with them on resolving the issue."