CCleaner, the well-known cleaning utility, shipped for several weeks with a virus that would have allowed hackers to harvest a lot of information about its users.
The malicious code was reportedly distributed in the cleaning app for Windows from mid-August without its publisher, Piriform, noticing. According to Cisco, more than 2 million users may have been affected by this hack, but what are the risks?
CCleaner was infected with a virus
CCleaner, the well-known software for cleaning your PC and making it faster and more efficient, was recently infected with a virus that affected more than 2 million users. Fortunately, it seems that the virus was not programmed to cause damage but "only" to gather information.
The investigation into the CCleaner attack revealed a large-scale industrial espionage operation.
Eighteen companies in the high-tech sector, including Google, Intel and Microsoft, were targeted.
In total, several hundred companies may be involved. Clues point to a group of Chinese hackers, but nothing is confirmed yet.
Here is what you can read on Piriform's blog:
"We wish to apologize for a security incident that we recently identified in CCleaner version 5.33.6162 and CCleaner Cloud version 1.07.3191. Suspicious activity was identified on September 12, 2017, when we saw an unknown IP address receiving data from CCleaner in version 5.33.6162 and CCleaner Cloud version 1.07.3191 on 32-bit Windows systems.
Based on a more in-depth analysis, we found that CCleaner version 5.33.6162 and CCleaner Cloud version 1.07.3191 were unlawfully modified before they were released to the public, and we have begun an investigation process. We immediately contacted the police and worked with them to solve the problem.
Before we dive into technical details, let me say that the threat has now been resolved to the extent that the parasitic server is down, other potential servers are out of the control of the attacker and we are moving all users of existing CCleaner v5.33.6162 to the latest version. Users of CCleaner Cloud version 1.07.3191 have received an automatic update. In other words, to the best of our knowledge, we were able to disarm the threat before it could do any harm."
It is impossible to know whether the virus was introduced remotely or from within, or who was affected, but evidently updating the software would be enough to avoid any worries.