It is understood that v1.07.3191 of CCleaner Cloud may also be affected, but no other Piriform or CCleaner products are thought to have been affected by the hack.
CCleaner boasted over 2 billion total downloads by November of 2016 with a growth rate of 5 million additional users per week.
A spokeswoman said that 2.27 million users had downloaded the August version of CCleaner while only 5,000 users had installed the compromised version of CCleaner Cloud.
Remote administration tools were included in a version downloaded in August and September 2017. This came after security researchers at Cisco Systems Inc and Morphisec Ltd alerted Piriform’s parent Avast Software of the hack last week.
But it was found that two lines of code had been injected into the software, opening a channel from a user’s PC to receive commands from hackers.
In a blog post penned by the company’s CEO Vince Steckler and CTO Ondrej Vlcek, Avast suggested that before acquiring Piriform, the maker of CCleaner on July 18, 2017, the compromise of the application may have already begun.
Piriform’s servers are said to have been hacked at some stage this summer, with the malicious version of CCleaner uploaded on August 15.
Following this, it’s best to run a scan of your computer, either via your antivirus program if you have one, or by downloading MalwareBytes Anti-Malware Free.
“This is a prime example of the extent that attackers are willing to go through in their attempt to distribute malware to organizations and individuals around the world”, Talos researchers Edmund Brumaghin, Ross Gibb, Warren Mercer, Matthew Molyett, and Craig Williams wrote today on the Talos blog.
A malicious program was inserted into its free & legitimate software, CCleaner. The attack was carried out in a similar manner as “NotPetya” attack in June 2017.
“Customers are advised to update to the latest version of CCleaner, which will remove the backdoor code from their systems”.
‘There is nothing a user could have noticed, ‘ said Williams. However, “the lack of automatic updates for the free edition of CCleaner may actually have reduced the total number of users put at risk by the compromised version”, United Kingdom security writer Graham Cluley noted in his blog today.
AVAST, the anti-virus firm that owns CCleaner, has played down Cisco Talos’ involvement in uncovering the recent compromise of its app as well as the number of users affected.
If you’ve recently downloaded CCleaner, it’s possible your PC is affected.
Hackers have targeted a type of personal computer cleaning software. “The investigation is still ongoing”.