Security Issue With CCleaner

Piriform’s CCleaner is a popular computer cleaning and optimizing product that many people use.  I have my doubts about the real effectiveness of these utilities, but many of my clients swear by it.  I have used CCleaner myself several times as one of the tools I used to clean up a malware infection.

Recently, the CCleaner software code was modified  to include a malicious backdoor.  This warning was published earlier in one of my Weekend Updates, but due to the popularity of this product, warranted a longer article.  This affected CCleaner version 5.33.6162 and CCleaner Cloud version 1.07.3191.  The software was illegally modified before it was released.  The company has initiated an investigation which is ongoing at this time.  They have also pushed an update to owners of the affected products.  If you have not updated your copy, do it now.

The code modification created a backdoor that was capable of running code downloaded from a server at a remote location on the Internet.  Once installed, the malicious code would collect the following information about the local system:

  • Name of the computer
  • List of installed software, including Windows updates
  • List of running processes
  • MAC addresses of first three network adapters
  • Additional information whether the process is running with administrator privileges, whether it is a 64-bit system, etc.

Presumably, this data collection was the first stage in a more involved attack.  Piriform says in their blog that they have identified and either taken down or disabled the servers that were responsible for distributing the altered product.

The information provided on the company blog does not indicate whether the distribution servers were company owned download sites, or third party download sites.  But one way to protect yourself for downloading altered software products is to stick with the official company download web sites.  Sites such as Major Geeks and have been on my radar for years because of their habit of pushing additional unwanted crapware on unsuspecting computer users.  Now it seems that third party sites may be trafficking in software containing malicious alterations, as well.

More information:



About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Serving small business owners in the St Paul, Minneapolis, and western Wisconsin area since 2001. Cybersecurity and hacking have been a passion of mine since I entered the computer and networking business in 2000. I hold several cybersecurity certifications including Certified Information Systems Security Professional (CISSP), Certified Advanced Security Pratitioner (CASP), and Certified Ethical Hacker (CEH). Other computer industry certifications include A+, Network+ and Microsoft Certified System Engineer (MCSE). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of security on their computers, networks, and websites. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. We also provide Cybersecurity Awareness Training for clients and their employees. I am a frequent speakers at cybersecurity conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference, the (ISC)2 World Congress, and the ISSA International Conference, and many local community organizations, Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2008.

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.