Breach infects 2 million CCleaner users

The anti-malware tool, CCleaner, was hacked by malware, leaving 2million users who installed the software version vulnerable.

The developer of CCleaner, Piriform, which is no owned by Avast, a security firm, says that its download servers were compromised at some point between 15 August, when it released version v5.33.6162 of the software, and 12 September, when it updated the servers with a new version, according to The Guardian.

A Trojan that sent “non-sensitive data” was loaded into the download package from infected users’ computers back to a server located in the US.

The data included IP addresses, a list of installed software, computer names, a list of active software and a list of network adapters.

The infection also resulted in another piece of malware (second stage payload) being installed into affected computers.

Piriform’s vice president, Paul Yung, said to The Guardian: “At this stage, we don’t want to speculate how the unauthorised code appeared in CCleaner software, where the attack originated from, how long it was being prepared and who stood behind it.”

The company believes that 2.27million users were infected, but added in a statement: “we believe that these users are safe now as our investigation indicates we were able to disarm the threat before it was able to do any harm.”

The breach was discovered by Cisco’s Talos Intelligence research team, who warned Piriform on 13 September, one day after the clean version of the software had been released.

Written by Leah Alger