CCleaner Compromise

Please be advised that CCleaner, a Windows utility used to remove cookies, wipe browsing histories, and clean temporary internet files, has been compromised. Specifically, the affected versions are CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 (32-bit versions). The vendor, Avast, has stated that no other Piriform or CCleaner products have been affected. However, because the affected CCleaner release was digitally signed, other software from Avast may also be compromised.

The issue, which was identified by Cisco Talos researchers, involved the compromise of download servers used by the vendor to distribute software. The servers were leveraged by malicious actors to deliver malware. Once in place, the malware would determine if a user had admin privileges and would then seek to steal information such as the name of the device, installed software and Windows updates, running processes and the MAC addresses of network adapters.

Recommendations:

  • Users of version 5.33 should roll back their device to a backup that was created prior to the installation of version 5.33 and update to version 5.34. Be advised that the free edition of CCleaner does not feature automated updates and requires users to manually download updates.
  • Alternatively, users should wipe their device, deploy a new image and install another anti-virus product.
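
To find which devices the recommendations above apply to, a software inventory export can be checked against the versions named in this advisory. The following is an added example, not part of the original advisory or any vendor tooling; the CSV columns, host names and status labels are assumptions.

```python
import csv
import io

# Affected builds exactly as listed in the advisory (32-bit versions).
AFFECTED = {
    "ccleaner": (5, 33, 6162),
    "ccleaner cloud": (1, 7, 3191),
}

# Constructed sample inventory export; hosts and column names are hypothetical.
SAMPLE_INVENTORY = """host,product,version,arch
ws-001,CCleaner,v5.33.6162,32-bit
ws-002,CCleaner,5.34,32-bit
ws-003,CCleaner Cloud,1.07.3191,x86
ws-004,CCleaner,5.33,unknown
ws-005,CCleaner,5.33.6162,64-bit
ws-006,ExampleApp,5.33.6162,32-bit
"""

def parse_version(text):
    """Turn 'v1.07.3191' into (1, 7, 3191); return None if it is not numeric."""
    parts = text.strip().lstrip("vV").split(".")
    try:
        return tuple(int(p) for p in parts)
    except ValueError:
        return None

def classify(product, version, arch):
    """Return 'affected', 'review', 'not-listed' or 'out-of-scope' for one row."""
    bad = AFFECTED.get(product.strip().lower())
    if bad is None:
        return "out-of-scope"      # product is not named in the advisory
    ver = parse_version(version)
    if ver is None:
        return "review"            # unreadable version: check the host by hand
    if ver == bad:
        is_32 = arch.strip().lower() in {"32-bit", "32 bit", "x86"}
        # The advisory names 32-bit versions; anything else needs a manual look.
        return "affected" if is_32 else "review"
    if len(ver) < len(bad) and ver == bad[:len(ver)]:
        return "review"            # e.g. '5.33' recorded without a build number
    return "not-listed"

def triage(csv_text):
    """Classify every row of an inventory CSV; returns (host, status) pairs."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [(r["host"], classify(r["product"], r["version"], r["arch"])) for r in rows]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```

Hosts marked "review" carry an affected version number with an incomplete build or a non-32-bit architecture field and should be checked by hand before being cleared.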

For additional information, please see: