Security Issue With CCleaner

Piriform’s CCleaner is a popular computer cleaning and optimizing product that many people use.  I have my doubts about the real effectiveness of these utilities, but many of my clients swear by it.  I have used CCleaner myself several times as one of the tools I used to clean up a malware infection.

Recently, the CCleaner software code was modified to include a malicious backdoor.  This warning was published earlier in one of my Weekend Updates, but the popularity of this product warranted a longer article.  The modification affected CCleaner version 5.33.6162 and CCleaner Cloud version 1.07.3191.  The software was illegally modified before it was released.  The company has initiated an investigation, which is ongoing at this time.  They have also pushed an update to owners of the affected products.  If you have not updated your copy, do it now.
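If you look after more than a handful of machines, the two affected builds named above can be checked against a software inventory export.  The following Python sketch is an added example, not code from Piriform or from the original article; the CSV column names, host names and sample rows are constructed, and the handling of four-part version strings is an assumption about how your inventory tool reports versions.

```python
import csv
import io
import re

# Affected builds named in the article, as (major, minor, build).
AFFECTED = {
    "ccleaner": (5, 33, 6162),        # CCleaner 5.33.6162
    "ccleaner cloud": (1, 7, 3191),   # CCleaner Cloud 1.07.3191
}

def classify(product, version):
    """Return 'affected', 'review' or 'ok' for one inventory row."""
    target = AFFECTED.get(product.strip().lower())
    if target is None:
        return "ok"  # not one of the two products named in the article
    parts = tuple(int(n) for n in re.findall(r"\d+", version))
    if len(parts) < 3:
        # Build number missing: cannot rule the host out if the prefix matches.
        return "review" if parts == target[:len(parts)] else "ok"
    # Assumption: four-part strings such as 5.33.0.6162 carry the build last.
    return "affected" if (parts[0], parts[1], parts[-1]) == target else "ok"

def scan_inventory(csv_text):
    """Return (host, product, version, status) for rows needing attention."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        status = classify(row["product"], row["version"])
        if status != "ok":
            findings.append((row["host"], row["product"], row["version"], status))
    return findings

# Constructed sample export; hosts, columns and non-affected versions are made up.
SAMPLE = """host,product,version
FRONTDESK-01,CCleaner,5.33.6162
ACCT-02,CCleaner,5.33.0.6162
ACCT-03,CCleaner,5.40.0.7000
SRV-01,CCleaner Cloud,1.07.3191
LAB-04,CCleaner,5.33
LAB-05,7-Zip,16.04
"""

if __name__ == "__main__":
    for host, product, version, status in scan_inventory(SAMPLE):
        print(f"{status.upper():8} {host:14} {product} {version}")
```

Rows marked "review" report only a partial version, so the installed build has to be confirmed on the machine itself before the host is cleared.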

The code modification created a backdoor that was capable of running code downloaded from a server at a remote location on the Internet.  Once installed, the malicious code would collect the following information about the local system:

  • Name of the computer
  • List of installed software, including Windows updates
  • List of running processes
  • MAC addresses of first three network adapters
  • Additional information, such as whether the process is running with administrator privileges, whether it is a 64-bit system, etc.

Presumably, this data collection was the first stage in a more involved attack.  Piriform says in their blog that they have identified and either taken down or disabled the servers that were responsible for distributing the altered product.

The information provided on the company blog does not indicate whether the distribution servers were company-owned download sites or third-party download sites.  But one way to protect yourself from downloading altered software products is to stick with the official company download web sites.  Sites such as Major Geeks and have been on my radar for years because of their habit of pushing additional unwanted crapware on unsuspecting computer users.  Now it seems that third-party sites may be trafficking in software containing malicious alterations, as well.

About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.
