
Beware: CCleaner Attacked by Sneaky Hackers to Spread Malware

Posted: September 20, 2017

A big scandal has unfolded over the past few days. One of the most popular PC optimization tools, CCleaner, has been compromised. This isn't just speculation or a rumor started by competitors – the creators of CCleaner, a company called Piriform, came out and announced that their application had been targeted by hackers. As a result, millions of users who have trusted its services have become potential victims of the cyber attack. However, Piriform hasn't revealed some crucial details about the incident, such as what the modifications to its code were or how the attackers gained access to its servers in the first place. The Vice President for Products at Piriform, Paul Yung, commented on the disturbing story and revealed that the situation was certainly not harmless:

"An unauthorized modification of the CCleaner.exe binary resulted in an insertion of a two-stage backdoor capable of running code received from a remote IP address on affected systems."

How It Happened

These types of attacks are rather rare since they require impressive skill to be executed successfully. Security researchers often encounter fake software that has been crafted to look like the original one, but this case, in particular, is very different. The cyber crooks managed to insert their code into the official application, and then let the legitimate publisher spread the modified software product. Accomplishing this anonymously and without being spotted for a significant period of time is a task that will certainly be admired in the underground hacking community.

Who Is Affected

Only two variants of CCleaner were targeted by the hackers: the cloud version, 1.07.3191, and the desktop version, 5.33.616. It's important to note that the desktop version only affects machines running its 32-bit variant. The reason behind this is simple – as 32-bit systems are gradually becoming a thing of the past, with 64-bit systems replacing them, spreading malware on this older type of system would reduce the risk of the threat being detected. The inserted malware was meant to consist of two parts. Piriform stated that the second stage of the process was not successfully reached. The company, however, has refused to give out more information as to what these two steps were and why the process was never completed.

What's The Purpose of The Attack

This malicious code was injected into CCleaner with the sole purpose of collecting user data. Piriform's Vice President admitted exactly what sort of data was targeted by the hackers: information such as the machine's Windows updates, a list of all the software installed on it, the computer's name and its network card's physical address (MAC address). The code embedded by the attackers also scans all running processes and gathers information about the ones that are executed with full administrator privileges. According to Piriform, all this data was first safely encrypted by the malware and then transferred to an unknown IP address.

Piriform has taken measures to deal with this embarrassing issue. They have released updates for all versions of CCleaner, regardless of platform. They have also joined forces with Avast Threat Labs to find out who is responsible for this cunning and brilliantly crafted attack. This incident goes to show that even companies consisting of experts whose job is to develop software aren't safe from hacker attacks.
