{"id":3796,"date":"2017-09-18T16:34:20","date_gmt":"2017-09-18T14:34:20","guid":{"rendered":"http:\/\/borncity.com\/win\/?p=3796"},"modified":"2021-10-03T23:07:30","modified_gmt":"2021-10-03T21:07:30","slug":"ccleaner-has-been-infected-with-malware","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2017\/09\/18\/ccleaner-has-been-infected-with-malware\/","title":{"rendered":"CCleaner has been infected with malware"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" src=\"http:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" height=\"47\" align=\"left\" \/>[<a href=\"http:\/\/www.borncity.com\/blog\/2017\/09\/18\/autsch-ccleaner-als-malware-schleuder\/\" target=\"_blank\" rel=\"noopener noreferrer\">German<\/a>]Piriform's cleaning tool for Windows, CCleaner, now belonging to Czech Anti Virus vendor AVAST, has been compromised and served malware for a month.<\/p>\n<p><!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/ssl-vg03.met.vgwort.de\/na\/072a7b4dcfa5474e910c8e9d2d087861\" alt=\"\" width=\"1\" height=\"1\" \/>My credo is: keep your fingers off system cleaners &#8211; but many users swear by CCleaner from Piriform. This free system cleaner for Windows is widely used. Some time ago, CCleaner was taken over by the Czech security company AVAST.<\/p>\n<p><img decoding=\"async\" title=\"CCleaner\" src=\"https:\/\/2.bp.blogspot.com\/-qi4FSpRozUc\/Wb8VCqNIdUI\/AAAAAAAAAXQ\/1TRYybdmkkUbrd428EfrM3d4NSG_DGQ0QCLcBGAs\/s640\/image7.png\" alt=\"CCleaner\" \/><br \/>\n(Source: Talos)<\/p>\n<p>Some versions of the CCleaner app, downloaded between August 15 and September 12, 2017, were delivered with an installer infected with the Floxif malware. 
This was disclosed in a new report from <a href=\"http:\/\/blog.talosintelligence.com\/2017\/09\/avast-distributes-malware.html\" target=\"_blank\" rel=\"noopener noreferrer\">Cisco Talos<\/a>.<\/p>\n<p>The malware then retrieved additional code from the malware server and transmitted data such as the IP address, computer name, installed software and existing network adapters to a server in the USA. This happened from August 15, 2017 with CCleaner 5.33 and from August 24, 2017 with CCleaner Cloud 1.07.<\/p>\n<p>Talos assumes that the server through which the CCleaner installer was distributed was compromised. The installer was signed with a valid certificate. Piriform has confirmed this incident today in a <a href=\"https:\/\/web.archive.org\/web\/20180122050706\/http:\/\/www.piriform.com:80\/news\/blog\/2017\/9\/18\/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users?\" target=\"_blank\" rel=\"noopener noreferrer\">blog post<\/a>. According to the blog post, only the 32-bit Windows version has been affected. The malware has been found in CCleaner version 5.33.6162 and CCleaner Cloud version 1.07.3191. Newer versions of CCleaner are free of malware. AVAST says that 3 % of all CCleaner installs are affected \u2013 but that is 2.27 million affected machines. AVAST intends to add a new signature to its antivirus scanners and will inform affected users. 
Further details may be found in the report from <a href=\"http:\/\/blog.talosintelligence.com\/2017\/09\/avast-distributes-malware.html\" target=\"_blank\" rel=\"noopener noreferrer\">Cisco Talos<\/a> and at <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/ccleaner-compromised-to-distribute-malware-for-almost-a-month\/\" target=\"_blank\" rel=\"noopener noreferrer\">Bleeping Computer<\/a>.<\/p>\n<p>Addendum: AVAST has posted <a href=\"https:\/\/web.archive.org\/web\/20170919184527\/https:\/\/blog.avast.com\/update-to-the-ccleaner-5.33.1612-security-incident\" target=\"_blank\" rel=\"noopener noreferrer\">this article<\/a>, explaining further details about the hack. Details about the backdoor may be found at\u00a0<a href=\"http:\/\/blog.morphisec.com\/morphisec-discovers-ccleaner-backdoor\" target=\"_blank\" rel=\"noopener noreferrer\">morphisec.com<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Piriform's cleaning tool for Windows, CCleaner, now belonging to Czech Anti Virus vendor AVAST, has been compromised and served malware for a 
month.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,2],"tags":[1041,244],"class_list":["post-3796","post","type-post","status-publish","format-standard","hentry","category-security","category-windows","tag-ccleaner","tag-malware"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/3796","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=3796"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/3796\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=3796"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=3796"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=3796"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}