CCleaner, a reputable personal computer utility, faced a scandal over compromised installers on its download servers. CCleaner is used as a registry cleaner, uninstaller, and computer optimisation tool. It includes temporary file deletion and a scanner that help the computer run faster and improve the boot-up time of slow computers. However, because of its popularity, which stems from the features of its free version and the need for a PC maintenance utility, the CCleaner download server was hacked. A compromised installer was uploaded and then downloaded by users worldwide, who were unaware of the malware that runs with the program.
The infected installer is known to have been downloaded from the hacked CCleaner download server from August 15 to September 12, 2017. Only certain versions and installer types were infected. Scans reveal that the Windows 32-bit versions of CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 are infected. The malware gets into the Windows system upon installation and executes a multi-stage payload that steals sensitive end-user data. Data from the infected PC is sent to a remote attacker's command and control servers. Users are advised to remove the version of the CCleaner application from the date range mentioned. An antivirus scan is also advised.
The wide reach of popular software is being exploited for the benefit of malicious hackers. This technique has been around for some time as a way to distribute malware-infected installers. Early identification can stop the release of a tampered installer. Prevention is better than cure, so observing superior IT security practice will make such incidents less frequent, which is what end users expect for their data security. The installers on the servers have now been cleaned and no longer distribute malware-infected files.