Piriform's cleaning tool for Windows, CCleaner, now owned by the Czech antivirus vendor AVAST, was compromised and served malware for a month.
My credo is: keep your hands off system cleaners, but many users swear by CCleaner from Piriform. This free system cleaner for Windows is widely used. Some time ago, CCleaner was taken over by the Czech security company AVAST.
Some versions of the CCleaner app downloaded between August 15 and September 12, 2017 were delivered with an installer infected with the Floxif malware. This was published in a new report from Cisco Talos.
The malware then retrieved additional code from the malware server and transmitted data such as the IP address, computer name, installed software and existing network adapters to a server in the USA. This happened from August 15, 2017 with CCleaner 5.33 and from August 24, 2017 with CCleaner Cloud 1.07.
Talos assumes that the server through which the CCleaner installer was distributed was compromised. The installer was signed with a valid certificate. Piriform confirmed this incident today in a blog post. According to the blog post, only the 32-bit Windows version was affected. The malware was found in CCleaner version 5.33.6162 and CCleaner Cloud version 1.07.3191. Newer versions of CCleaner are free of malware. AVAST says that 3% of all CCleaner installs are affected, but that is 2.27 million affected machines. AVAST intends to add a new signature to its antivirus scanners and will inform affected users. Further details may be found in the report from Cisco Talos and at Bleeping Computer.