CCleaner Malware Incident

[REDACTED]

CCleaner Malware Incident - What You Need to Know and How to Remove

What happened?

An unknown threat group compromised the CCleaner infrastructure.

The attacker added malware to the 32-bit versions of CCleaner 5.33.6162 and CCleaner Cloud 1.07.3191.

The files were available for download between August 15 and September 12.

Who is affected?

Everybody who downloaded and installed the affected versions in that timespan.

Avast estimates the number of affected machines at 2.27 million.

https://www.bleepingcomputer.com/how-to/security/ccleaner-malware-incident-what-you-need-to-know-and-how-to-remove/

[REDACTED]

Good luck getting some answers out of Avast and Piriform. They are trying to downplay this, by not delivering adequate information. Every shred of good reputation CCleaner had, is gone now and Avast' reputation has been hurt even more, and the more Avast and Piriform holds back information, the bigger the hole they are digging for them self.

[RejZoR]

Eh, people dramatizing it again. And I'm not saying this because I've been working with avast! for a long time, I'm saying it because it can happen to ANY company if it gets target attacked. And this was the case here. Blaming it on avast! which just purchased Piriform is just the lamest thing ever. If anything, they should be applauded for finding out themselves. If avast! didn't buy Piriform, it could have been going on for months before someone noticed it. And like I've said, it could have happened to any company. Piriform isn't specialized in security, so, things are more likely to go wrong with such company than with avast! itself. And we've seen hacks happened to security firms before, including avast! (usually to 3rd party stuff under their control).

The information is there, but I guess some people expect avast! to go back in time and change the course of history somehow...

[Vlk]

Please see my recent statement here: https://forum.avast.com/index.php?topic=208612.msg1421249#msg1421249

[EmoHobo]

So I've always used the 64-bit version, I'm fine, right?

[Asyn]

So I've always used the 64-bit version, I'm fine, right?

Yep.

[EmoHobo]

So I've always used the 64-bit version, I'm fine, right?

Yep.

I don't see the regedit change either for the added item.

I also set it to automatically launch the 64bit version since I have both installed.

[polonus]

Hi EmoHobo,

Well I was not affected either, according to the registry read out.

But know that 20% of the data breaches in the "Murica's" today stem from cyberattacks threatening your data and privacy.
Nothing new when folks admit that privacy does not exist any longer there and all your data are for the grab (to render the new digital gold that is in data), when not showing you ads one is javascript mining monero inside your browser with or without your consent.

That is how far as how it has got, and in the case of the alleged CCleaner breach the malware injected into #CCleaner has shared code with several tools used by one of the APT groups from the #Axiom APT 'umbrella', an umbrella for dynamic API hackers by the so-called Lazarus group cybercriminal malware factory. They were active amongs other things from Asia and were fought in a common initiative known as  Operation Blockbuster Security Coalition.

polonus (volunteer website security analyst and website error-hunter)

[EmoHobo]

and what does all that mean polonus?  For a regular person like me. Does it mean my data is probably already out there just floating around like some kind of floating gold mine of personal data?

[Asyn]

See Reply #5.

[Vlk]

More info here: https://blog.avast.com/update-to-the-ccleaner-5.33.1612-security-incident

[Be Secure]

More info here: https://blog.avast.com/update-to-the-ccleaner-5.33.1612-security-incident

Pls don't add Ccleaner to AVAST.It is a request. 

[DavidR]

More info here: https://blog.avast.com/update-to-the-ccleaner-5.33.1612-security-incident

Pls don't add Ccleaner to AVAST.It is a request. 

Why would they when there is already avast cleanup (free or paid) and even if they did, what is to stop you doing a custom install and deselecting it as you can with other components.

Presumably those that are already using ccleaner wouldn't get it again.

[Eddy]

This entire thread is in the wrong forum.

[bob3160]

Who cares which forum it's in. It's still the Avast forum and Ccleaner is now an Avast product.
@ Be Secure,
Ccleaner is it's own program.