For years, the CCLeaner security program has been a well-trusted malware monitor, with little-to-no hiccups in its lifespan. Recently, however, consumers who believed that they were downloading the malware blocker, were instead downloading CCleaner malware, or malware which hacked and attached itself to the product through a supply chain attack, which usually happens when hackers target a company or manufacturer that delivers a product to consumers.
Here, the servers used by CCleaner’s parent company, Avast, were infected, and the hacker used this breach to access the servers and change CCleaner’s makeup to include malicious malware.
Researchers looking into this matter explained that “for a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner.”
Millions of Users Affected by CCleaner Malware Infection
To note, CCleaner is an extremely popular tool amongst computer users to get rid of, and limit, computers of malware, while also improving speed and peaking the device’s performance. In November, Avast boasted that its program was downloaded more than 2 billion times, with 5 million users downloading the app per week. Unfortunately, the researchers say that these high growth numbers can be disastrous from a security standpoint.
Unfortunately, however, if you look at the simple math aspect of it, these massive growth numbers are absolutely catastrophic from a security standpoint, as the program simply becomes too big to monitor.
Consumer Affairs reports that Piriform, the company that operates the affected download servers, has confirmed that versions 5.33.6162 and 1.07.3191 of CCleaner for 32-bit systems were compromised by hackers. The company estimates that as many as 2.27 million people are using the affected software or have downloaded a compromised version of CCleaner Cloud.
“The compromise could cause the transmission of non-sensitive data…to a 3rd party computer server in the USA,” the company said. “We sincerely apologize for this and are committed to making sure nothing similar happens again.”
What to do
Furthermore, we ask that if you come across any type of fraud that you report that to us as well. Consider The Consumer aims to monitor and limit fraud across the world, and with your help we can do just that. Please reach out to us via our Fraud Report Center, or, again, through email at ConsiderTheConsumer@gmail.com. One of our trained representatives will be standing by to open a case at all hours.