A popular file-clean up program called CCleaner has become the latest known target of hackers after security researchers discovered that it had been compromised with a “backdoor.”
The app, which touts more than two billion downloads and over two million active users according to parent company Avast, was infected with a malicious payload that made it possible to download and execute other suspicious software, including ransomware
Avast and Piriform have both confirmed that the Windows 32-bit version of CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 were affected by the malware.
Detected on 13 September, the malicious version of CCleaner contains a multi-stage malware payload that steals data from infected computers and sends it to attacker’s remote command-and-control servers.
The malicious software was programmed to collect a large number of user data, including:
- Computer name
- List of installed software, including Windows updates
- List of all running processes
- IP and MAC addresses
- Additional information like whether the process is running with admin privileges and whether it is a 64-bit system.
However, Piriform estimated that up to 3 percent of its users (up to 2.27 million people) were affected by the malicious installation.
Affected users are strongly recommended to update their CCleaner software to version 5.34 or higher, in order to protect their computers from being compromised. The latest version is available for download here.