

Talos Intelligence has published a blog post detailing its research and findings, and they aren’t great. CCleaner is a popular utility, with an average of five million downloads per week (over two billion downloads cumulatively). From August 15 to September 12, the 5.33 version of CCleaner was infected by a malware payload. Troublingly, the malware was digitally signed with an appropriate digital certificate. Talos wrote, “the presence of a valid digital signature on the malicious CCleaner binary may be indicative of a larger issue that resulted in portions of the development or signing process being compromised.” Ideally this certificate should be revoked and untrusted moving forward. CCleaner is owned by Avast, the antivirus company, and has already issued a public apology and statement on the incident.
CCleaner, the temporary file cleaner and registry optimizer of generally dubious utility in this day and age, has been flagged as containing malware. In addition to being installed on more than 2 million systems, the CCleaner malware is dangerous because it can place a backdoor on infected systems that appears legitimate because it is signed with one of Piriform's own digital certificates. Worse, the company distributed infected versions of its products for nearly a month before realizing the problem. The infected payload affects two CCleaner products - CCleaner v and CCleaner Cloud v. CCleaner Cloud users should have gotten an update already, but if you use CCleaner and don’t have automatic updates enabled, it would be a good idea to check the situation now.
Some software may be managed by the enterprise, some may be used by the help desk to fix systems, and some may be used by employees without the knowledge or approval of the enterprise IT department. Sometimes, the help desk will use tools to investigate an endpoint that may have been infected with malware, and one of those tools is CCleaner. CCleaner software is usually only installed on a few endpoints in an enterprise, but the organization could lose track of the software. Given that CCleaner is used so widely, it's a target for a watering hole attack.

A recent watering hole attack was disclosed in detail by Avast Software, Morphisec and Cisco, and it described how an attacker was able to gain access to Piriform Software Ltd.'s software development environment to add malware to the legitimate CCleaner software - Avast acquired Piriform last summer. Morphisec notified Avast of suspicious connections from CCleaner, prompting an investigation.

Any time an enterprise is notified of an attack that it didn't internally detect, it is a bit concerning, but not surprising. From the nearly 2.27 million systems that installed the impacted CCleaner, only 40 systems were infected, and most of the systems that installed the impacted CCleaner got an auto-update from Avast that removed the malicious version - showing one perk of auto-updates. However, enterprises that didn't have the software auto-updated needed to manually remove it from the impacted systems.

Software and supply chain security are critical parts of an enterprise's information security program. One common security recommendation is to know what software or systems your enterprise is using so that you know what needs to be secured.
