Monday, September 18th 2017
Piriform Hacked, CCleaner August Versions (v5.33.6162) Injected, Compromised
In another large-scale attack that's bound to increase users' awareness on their systems' security, news have broken out that Piriform, creators of the popular CCleaner software tool (estimated to be instaled in some 130 million devices), have suffered a hack on their servers that compromised some installer packages of the software. Piriform, which was purchased by popular security software company Avast last July, was hacked last August, and the changes to the installer packages could potentially allow hackers to control the devices of more than two million users, the company and independent researchers said on Monday.
Specifically, hackers embedded remote administration tools on CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191, tools that then tried to connect to several unregistered web pages, looking to download additional unauthorized programs, according to Cisco's Talos security research unit. Users would have noticed nothing wrong on their systems, since the entire malicious string of code was run under CCleaner's authentic digital certificate. The nature of the attack code suggests that the hacker won access to a machine used to create CCleaner, Talos researcher Craig Williams said.
CCleaner does not feature automatic updates, so if you make use of CCleaner, make sure to check your software version, and force an update through the app. Or better yet, make sure to uninstall the app and install the new, corrected version, which currently stands at 5.34.6207.
Piriform said that Avast, its new parent company, had uncovered the attacks on Sept. 12, with a new, uncompromised version of CCleaner being released the same day. A clean version of CCleaner Cloud took a little while longer to be released, seeing the light of day on Sept. 15. Talos' security Craig Williams said that the issue was detected at an early stage, when the hackers appeared to be collecting information from infected machines, rather than forcing them to install new programs.
Source:
Reuters
CCleaner does not feature automatic updates, so if you make use of CCleaner, make sure to check your software version, and force an update through the app. Or better yet, make sure to uninstall the app and install the new, corrected version, which currently stands at 5.34.6207.
Piriform said that Avast, its new parent company, had uncovered the attacks on Sept. 12, with a new, uncompromised version of CCleaner being released the same day. A clean version of CCleaner Cloud took a little while longer to be released, seeing the light of day on Sept. 15. Talos' security Craig Williams said that the issue was detected at an early stage, when the hackers appeared to be collecting information from infected machines, rather than forcing them to install new programs.
58 Comments on Piriform Hacked, CCleaner August Versions (v5.33.6162) Injected, Compromised
This is pretty damn bad. Not only were Piriform hacked but the attackers managed to alter their files as kept on their download servers as well? If that is what happened that's a failure on so many levels.
But going after piriform is just being a jerkoff just for the sake of it.
And the parent company just figured it out?
*slow clap* what an amazing advisement of your software there avast! truly convincing me that you antivirus isnt going to be dog slow at finding any problems! /s
highlight it click properties and see what version it was.
For me was 5.32 so I never ran 5.33 even though I DL it.
Then for piece of mind run few scans on system, IMO this is pretty good report at least we know relatively fast.
Ask any hacker if he prefers to deal with windows 7 or 10, and tell me the answer.
What your off-topic raving has anything to do with Piriform's servers being broken into, no one knows.
According to Piriform's official statement, it was mentioned that the issue affected the 32-bit version of CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191.
The 64-bit version of CCleaner was not mentioned at all.
And I assume this is about the installer version of CCleaner, not the portable version, although further details and/or confirmations from Piriform regarding this matter is required.
I always, out of force of habit, disable any programs from automatically updating when possible. I'll pick and choose when I want to update something.
Also not sure why Piriform is getting a bad wrap, it actually caught the flaw before most larger companies do. Do a search for Intel AMT flaw, a far worse security flaw that was open for several years before they found it, still affects most PC's with AMT activated.
Yes, it's safe to still use CCleaner, and kudos for being informed enough to find this article and keep yourselves in the know. If you work in a Medical industry like me, Security is number one, and if we dropped every piece of software that's ever been compromised we couldn't function. My recommendations is to continue staying informed by looking into security advisories just like this, and make sure you are running the latest security updates from Microsoft and your Antivirus.
As with any merger/acquisition, it takes awhile before the new company and its practices are changed to mirror the new parent company.
Time wise, this isn't bad at all.