It never ceases to amaze us how crafty hackers conjure up new and aggressive methods of spreading malicious software and computer viruses throughout the digital world. In the most recent discovery of hacker shenanigans, hackers breached servers used by the Avast security company and used them to distribute malware inside CCleaner, a popular optimization and PC cleaner tool now owned by Avast.
Reportedly, 2.7 million computers have been affected in what appears to be a case where hackers slipped malware into the CCleaner program following a previous attack on the servers that distributed the free and paid professional versions of the application.
CCleaner, downloaded as many as 2 billion times in its lifespan, has long been touted as an effective program for cleaning up unwanted items on PCs. Piriform, the creator of CCleaner under the Avast company umbrella, believes it was able to stop the breach before it harmed customers. However, the breach eventually led to a legitimate signed version of CCleaner 5.33 that carried a multi-stage malware payload within its installation.
Irony Ensues when a "Cleaner" Program is Infected with Malware
There is irony in the story of CCleaner getting hit with malware within its installation, as CCleaner is commonly referred to as a program that cleans up "crapware" on a PC. While not a full-fledged antimalware or antivirus application, CCleaner is claimed to be a useful tool for cleaning up items on a computer, such as cookies and web browser data.
In the recent past, hackers have leveraged other legitimate applications to sneak in their malware and spread it to numerous computer users. There have even been cases where hackers attacked legitimate websites to spread ransomware threats or exploited vulnerabilities in outdated software to spread aggressive threats. The attack on CCleaner can be closely compared to the attack in which companies downloaded infected Ukrainian accounting software that spread the NotPetya or Petya ransomware, one of the fastest-spreading malware threats of its kind.
CCleaner Malware Stopped in its Tracks
Currently, the malware suspected to be spread through CCleaner may allow hackers to control the infected system. However, Avast Piriform has claimed that it worked closely with law enforcement and cut off communications to the affected servers before any malicious commands were initiated. The initial alert that Avast Piriform had come under attack came from Cisco Systems Inc and Morphisec Ltd, who suspect that the hack took place last week.
Those who may have downloaded and installed the cloud version of CCleaner in August or September are advised to delete the program and install a freshly downloaded copy to ensure they do not have a malware-infected version.