What exactly happened to CCleaner and is it safe to download and use?
On 18th September, a blog post published on Piriform’s website revealed the shocking news that one of its tools, CCleaner, which has hundreds of millions of users, had been infiltrated by malware. More shocking still was the news that the malware’s presence had gone undetected for a matter of months. All across the globe, computer users have been left reeling by the news and are fretting over the safety of their IP. To clarify the specifics of the attack, and to clear up confusion over the next steps for those who have CCleaner installed on their systems, we have put together this article.
If you are familiar with CCleaner, as the 2 billion others who have downloaded it worldwide are, you’ll know that it is a tool used to clear your PC of unwanted files, such as temporary internet cookies and invalid Windows Registry entries. It has rave reviews from critics, and the extent of its popularity is a testament to its quality.
Its quality, and its status as an industry-leading product, have been undermined by the presence of malware in its code. Installations of CCleaner version 5.33.6162 between the dates of 15th August and 12th September were compromised with a multistage malware payload. It is estimated that over 2.27 million people downloaded the compromised version. So, if you did download it, you are probably wondering what the malware actually does, right?
Put simply, the malware enables remote access to all of the infected machines. Not intended to attack personal users, it seems to be part of a wider strategy to conduct industrial espionage. Initial investigations established that the malware was designed to encrypt and collect information rather than actively harm systems. Further research revealed that at least 18 of the world’s biggest corporations were specifically targeted with secondary payloads. The targets were tech firms in Japan, Taiwan, Germany, the UK and the US; Sony, Samsung, Intel, HTC and Microsoft were all among them.
While it is unlikely that possessing the tainted version of CCleaner on your computer will actually cause you any harm, it is, after all, still malware, and you will definitely want to know how to get rid of it. Manually updating to the latest version of CCleaner will not be enough. Avast, the owners of the CCleaner software, claim that updating to the latest incarnation should be enough for personal users but admit that for corporate users, more radical steps may be required. Security intelligence firm Talos has recommended restoring systems from backups or reimaging.
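For anyone checking more than one machine, the sketch below is an added example, not code from Piriform, Avast or Talos. It scans a software-change log for any host that ever recorded CCleaner 5.33.6162, so a machine that has since updated is still flagged, and maps each host to the remediation quoted above. The log format, host names, roles and the other version numbers are constructed for illustration.

```python
import csv
import io
import re

AFFECTED = (5, 33, 6162)  # CCleaner 5.33.6162, the build named in the article

# Constructed software-change log; every host, date and non-affected
# version below is made up for this example.
SAMPLE_LOG = """date,host,role,product,version
2017-08-20,ws-014,corporate,CCleaner,5.33.6162
2017-09-14,ws-014,corporate,CCleaner,5.35.1000
2017-08-02,ws-022,corporate,CCleaner,5.32.1000
2017-09-01,home-pc,personal,CCleaner,v5.33.6162
2017-09-03,ws-031,corporate,7-Zip,16.04
"""

def is_affected(version):
    """True if a reported version string refers to the compromised build."""
    m = re.match(r"v?(\d+(?:\.\d+)+)", version.strip(), re.I)
    if not m:
        return False
    parts = tuple(int(p) for p in m.group(1).split("."))
    # Assumption: some inventory tools report a four-part version
    # (5.33.0.6162), so compare major.minor and the final build field.
    return parts[:2] == AFFECTED[:2] and parts[-1] == AFFECTED[2]

def triage(log_text):
    """Map each host that EVER had the affected build to an action."""
    exposed = {}
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["product"].strip().lower() != "ccleaner":
            continue
        if is_affected(row["version"]):
            exposed[row["host"]] = row["role"].strip().lower()
    actions = {}
    for host, role in exposed.items():
        if role == "corporate":
            actions[host] = "restore from backup or reimage"  # Talos advice
        else:
            actions[host] = "update to the latest version"    # Avast advice
    return actions

if __name__ == "__main__":
    for host, action in sorted(triage(SAMPLE_LOG).items()):
        print(f"{host}: {action}")
```

Here ws-014 is flagged even though its most recent record shows a newer build, which is why a check of the currently installed version alone can miss an exposed machine.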
In the midst of what is still an ongoing saga, the credibility of CCleaner has undoubtedly taken a hit. But there is good news for avid CCleaner users: criticism often results in rapid re-assessment and analysis, which will lead to a renewed series of improvements and bolstered security. For that reason, it is likely that CCleaner will soon be safer than ever.