Popular PC “Cleaning and Optimisation” software CCleaner has been compromised by hackers.
According to a report published today by Cisco’s Talos Intelligence Group, the distribution servers for CCleaner appear to have been compromised, and the installation media for version 5.33 included a malicious payload. This version (5.33) was released on 15/Aug/2017 and was available until 12/Sep/2017, when version 5.34 was released.
CCleaner Cloud version 1.07.3191 is also reported to be affected.
The software developer, Piriform, was acquired by Avast, developers of popular anti-malware and internet security software. CCleaner has over 2 billion installs globally, and the developer (Piriform) has indicated that they believe that up to 3% (2.2 million) of users may be infected.
The presence of files carrying a valid digital signature would suggest that the hackers may have even compromised the development and/or build environments.
It should be noted that the affected version of CCleaner is no longer available for download (though other, uninfected versions are still available).