CCleaner: Anti malware or malware?

CCleaner the free anti malware tool developed by London based company Piriform, damaged 2 million users world wide. This news was confirmed on Monday 19th September 2017 by the app developers.

As per the developers the app was hacked into and the malware was encoded with the CCleaner  anti-malware.


CCleaner Hacked

Yesterday the news was confirmed by the ccleaner developer team that the software was hacked and was encoded with malware, now over 2M users are damaged. Piriform, the developer of CCleaner now owned by security firm Avast, says that its download servers were compromised at some point between 15 August, when it released version v5.33.6162 of CCleaner, and 12 September, when it updated the servers with a new version.

This is the time when the trojan malware was loaded into the CCleaner ‘ s download package which sent “non-sensitive data” from infected users’ computers back to a server located in the US.

According to Piriform the data included computer name, IP address, list of installed software, list of active software, list of network adapters.

Along with data leak a second malware payload was injected into the user PC to affect the PC in a long term.

Top 10 Cyber Security Tips To Protect Your Online Identity

Why CCleaner was Hacked

CCleaner has 2.27 million user worldwide and we have seen in the past that these attackers, these hackers will do anything to earn street creds and money from an industrial espionage to destroying a country’s defense. We can assume that this was one of those attacks or it can be just for fun or just to show a big company avast that their security is breakable. We do not know that but yes the virus is there in the anti-malware  software.

Talos researchers said the CCleaner malware was particularly worrisome because it somehow made it onto software that could be executed using Piriform’s valid security certificate. As per Talos researchers the malware is almost undetectable one out of 64 anti virus can detect its presence.

Talos researchers Edmund Brumaghin, Ross Gibb, Warren Mercer, Matthew Molyett, and Craig Williams wrote on the Talos blog.

By exploiting the trust relationship between software vendors and the users of their software, attackers can benefit from users’ inherent trust in the files and web servers used to distribute updates.

How To Check If Your computer is malware infected

Research team noted that this was the same malware that created the chaos on June this year that attack, which crippled thousands of business machines worldwide, the wiper malware which was used for doing this it was distributed from a legitimate tax accounting software from Ukrainian company M.E.Doc.

Who hacked? Was it really a hack?


As per Piriform vice president in a security report they said that they –

“To the best of our knowledge, we were able to disarm the threat before it was able to do any harm.”

He also promise to fix this on the next version 5.34 which will be available in the Piriform official website.

But the question here is originally who hacked the software was it a job of the hackers or was it a inside job? Or just a publicity stunt well it was an attack from outside if not then Piriform would not be these much concerned with the issue we have seen these type of marketing before with many companies (let’s not take names).

Piriform has said it taking detailed steps internally so that this doesn’t happen again. “At this stage, we don’t want to speculate how the unauthorized code appeared in the CCleaner software, where the attack originated from, how long it was being prepared and who stood behind it,” they said. “The investigation is still ongoing.”


How to be safe online?

Now let us tell you how you can be safe online :

  •  Use strong passwords only
  • Never use personal information in your password
  • Set passwords and PINs for mobile devices
  • Use unique passwords for each website
  • Change passwords every 30-60 days
  • Use a “burner” email address
  • Change email settings to display text only
  • Update your operating system software whenever prompted by your system
  • Don’t store an unencrypted password list on your device
  • Close your browser and clean your browsing history, when you walk away from your computer


So be safe and be careful while you update next time.

jingyansu choudhury

jingyansu choudhury

Hello World, I am the Founder And CEO Of Techyuga. I am working on building Techyuga to become India's No.1 end-to-end repair hub for all kinds of devices.