CCleaner is a well-known utility designed to optimize and clean Windows PCs and Android devices. Around 130 million CCleaner users experienced a state of shock when Piriform (the company which owns the software) revealed on its blog that malware had attached itself to certain versions of the utility. The blog said that CCleaner had been compromised by unknown hackers.
Discussing some of the technical details, Piriform’s VP of product said, “An unauthorized modification of the CCleaner.exe binary resulted in an insertion of a two-stage backdoor capable of running code received from a remote IP address on affected systems.”
Avast, one of the biggest players in system security, had acquired the program in July. An Avast spokesperson told the media, “We believe that these users are safe now as our investigation indicates we were able to disarm the threat before it was able to do any harm. We estimate that 2.27 million users had the affected software installed on 32-bit Windows machines.”
CCleaner Affected Versions and Data
The affected versions of the software are CCleaner 5.33.6162 and CCleaner Cloud 1.07.3191. Piriform discovered the infection on 12th September, giving the malware almost one month to establish its roots in the devices.
The malware was aimed at harvesting data from the devices it was installed on. According to Piriform, the data at risk is:
- The computer name
- IP address
- List of installed software
- List of active software
- List of network adapters
It is believed that the data was being transmitted to a third-party server located in the US. “We have no indications that any other data has been sent to the server,” the blog said. The server was successfully shut down on 15th September.
Some users might still have the affected version, which is why the company has been urging users to upgrade to version 5.34 or higher.
Piriform reported on its blog that it has been working to move all users to newer versions, and that those on CCleaner Cloud were moved to the new version automatically.
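As an added example (not code from Piriform, Avast or the original article), the following Python triages a software inventory export against the affected builds and the 5.34 upgrade threshold given above. The CSV column names, host names and sample rows are constructed for illustration.

```python
import csv
import io

# Affected builds and the fixed release, as stated in the article.
AFFECTED = {"ccleaner": (5, 33, 6162), "ccleaner cloud": (1, 7, 3191)}
FIXED_CCLEANER = (5, 34)

# Constructed sample inventory; the column names are assumptions.
SAMPLE_INVENTORY = """host,product,version,arch
ws-001,CCleaner,5.33.6162,x86
ws-002,CCleaner,v5.33.6162,x64
ws-003,CCleaner,5.4.1000,x86
ws-004,CCleaner,5.35.100,x86
ws-005,CCleaner Cloud,1.07.3191,x86
ws-006,CCleaner,unknown,x86
ws-007,7-Zip,16.04,x64
"""

def parse_version(text):
    """Return the version as a tuple of ints, or None if it is not dotted digits."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(product, version, arch):
    """Return 'affected', 'upgrade', 'ok', 'unknown', or None for other products."""
    name = product.strip().lower()
    if name not in AFFECTED:
        return None
    ver = parse_version(version)
    if ver is None:
        return "unknown"
    if ver == AFFECTED[name]:
        # The article limits the impact to 32-bit Windows machines.
        return "affected" if arch.strip().lower() == "x86" else "upgrade"
    # Compare as integer tuples: as strings, "5.4" would sort above "5.34".
    if name == "ccleaner" and ver[:2] < FIXED_CCLEANER:
        return "upgrade"
    return "ok"

def triage(inventory_csv):
    """Map host -> status for every CCleaner row in the inventory."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        status = classify(row["product"], row["version"], row["arch"])
        if status is not None:
            results[row["host"]] = status
    return results
```

Hosts reported as "unknown" have a version string that could not be parsed and should be checked by hand rather than assumed clean.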
Number of Users Affected By The Malware
When the news was released, many were concerned about the number of devices affected. As reported by Avast, only a small minority was really affected by the malware. The affected PCs were limited to 32-bit devices, while none of the Android users were affected. Piriform also reported that the affected version was used by 3% of their users. The complete list of hosting computers that received the mystery payload includes:
In contrast, independent sources paint a far more serious picture. According to recently unearthed evidence, researchers believe that the attack was more sophisticated and targeted than it originally appeared to be. The attackers were going after major tech companies and were able to install a second piece of malicious software on computers at major tech giants around the world. Reports claim the attack was a targeted espionage attempt to gain access to the networks of at least 18 tech firms.
According to the Talos threat intelligence team, a group of cybersecurity experts at Cisco, the companies targeted by the CCleaner attackers included Intel, Google, Microsoft, Akamai, Samsung, Sony, VMware, HTC, Linksys, D-Link and also Cisco. Several other targeted domains belonged to a German slot machine company and major telecoms in Singapore and the United Kingdom. However, researchers estimate that only 700,000 computers were exposed by the attack instead of the previous estimate of 2.2 million.
This news makes the attack a serious event, as most of the big names on the list are companies that help millions of users around the world stay connected to the Internet.