Researchers have found that hackers broke into CCleaner, the free computer-optimization software from British company Piriform, last month, potentially allowing them to control the machines of more than 2 million users, the company and researchers said today, Reuters reported.
CCleaner is legitimate software downloaded and used by millions of users around the world; it is downloaded five million times a week. It cleans the hard drive and memory to speed up the system.
Hackers injected a malicious program into CCleaner to gain access to system files. Piriform's main product, CCleaner, was bought in July by Avast, one of the leading security vendors. Avast said they had 130 million users at the time of the deal.
Cisco's Talos researchers said a version of CCleaner downloaded in August contained remote administration tools that tried to connect to several unregistered web pages, presumably to download additional illegitimate programs.
Talos researcher Craig Williams said it was an innovative attack because it managed to penetrate a trusted supplier, similar to June's "NotPetya" attack on companies that had downloaded infected accounting software.
Piriform has confirmed in a blog post that two versions of the software released in August were compromised. The company has advised users of CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 to download the updated versions.
According to a Piriform spokesperson, 2.27 million people downloaded the August version of CCleaner, and only 5,000 users actually installed the compromised version of CCleaner Cloud.
Piriform said Avast, its new parent company, uncovered the attacks on September 12. The new compromised version of the software was released the same day, and a clean version of CCleaner Cloud was released on September 15.
Williams said CCleaner doesn't update automatically, so everyone who downloaded the compromised version has to delete it and install a fresh version in order to be safe from future threats.
Talos detected the attack at an early stage, when the hackers were collecting information from the compromised machines rather than forcing the machines to install new programs, Williams said.
The company also contacted US law enforcement to shut down the server to which the traffic was set to be directed. The server was shut down on September 15, before any major damage was reported.
If you use CCleaner on your system, uninstall it immediately and install the latest version of the software to remain protected from the attack.