CCleaner has been compromised. If you use it to clean up your Mac or PC, read on to see if you’ve been affected!
The first rule of cleaning is to not make things dirt while you’re doing it. At least that’s what my mom said. For CCleaner, a popular disk cleaner application, this hasn’t been the case. In fact, it just got hacked. You could say things are looking murky.
Good cyber hygiene is a must for anyone these days. 11/10 cyber dentists recommend it, so does and the U.S. Government. Okay, there aren’t really cyber dentists, but Congress is currently trying to pass a new law called “The Promoting Good Cyber Hygiene Act”. Part of good cyber hygiene is keeping your applications and OS updated. CCleaner, by Avast, is a program that frees up disk space, It does this by scanning for junk and duplicate files, and then erases them.
Unfortunately, 2.3 million people downloaded a hacked version. Avast discovered the hack, then announced an updated version. For a while, it appeared that not much had happened to customers. Though many downloaded the cleaner application, not many were affected too badly. 700,000 reported as having some information taken, but mostly of a harmless nature. However, closer scrutiny brought a different story to light.
“When combined, this information would be everything an attacker would need.”
According to security researchers like Kaspersky and the Cisco Talos group, just over 20 machines of the 700,000 were targeted with a special, secondary attack. This attack was highly specialized, according to researchers. The information being collected was called “reconnaissance information” by Cisco, who said that if the hackers collected it, they could use it to launch a secondary takeover attack. “When combined, this information would be everything an attacker would need to launch a later stage payload that the attacker could verify to be undetectable and stable on a given system,” Cisco stated in a press release. All this from a simple cleaner.
According to sources, the hackers were not targeting random users of the CCleaner application, but rather were specifically targeting large telecom and network communications companies. Avast has reached out to companies affected but did not release the names publicly. Here is what they did say:
“It is extremely important to us to resolve the issue on customer machines. For consumers, we stand by the recommendation to upgrade CCleaner to the latest version (now 5.35, after we have revoked the signing certificate used to sign the impacted version 5.33) and use a quality antivirus product, such as Avast Antivirus. For corporate users, the decision may be different and will likely depend on corporate IT policies. At this stage, we cannot state that the corporate machines could not be compromised, even though the attack was highly targeted.”
Pretty solemn words. It seems as if Avast does not have a very good hold on the situation as of yet. Hopefully, in the next few days, they will have it worked out. If you downloaded CCleaner in the past few months, you should update the application as soon as possible. Check out this link for the official security patch from Piriform, a subsidiary of Avast. If you think your company has been compromised, contact Avast on their website.