CCleaner 5.33 hacked to deliver malware

CCleaner 5.33 users take note:


Cisco Talos Intelligence labs recently became aware of a supply chain attack against CCleaner v5.33. Talos observed that the legitimate download servers used by CCleaner were leveraged to deliver malware to unsuspecting victims. For an unknown period of time, the legitimate, signed version of CCleaner v5.33 being distributed by Avast also included a multi-stage malware payload that rode on top of the CCleaner installation. Given the potential for damage that could be caused by a network of infected computers even a tiny fraction of the size of CCleaner’s installed user base, Talos decided to move quickly. On September 13, 2017, Cisco Talos immediately notified Avast of its findings so that Avast could initiate appropriate response measures.

It is believed that attackers gained a foothold inside one or more development or build environments and leveraged that access to insert malware into the CCleaner build that was released between August 15th, 2017 and September 12th, 2017. If you downloaded CCleaner or your system updated to the newest build during this time, you are strongly advised to remove the program from your system and take measures to clean the system immediately.

Contact POCC today to ensure your system has not been compromised!

Read the blog post from Cisco Talos to learn more about this discovery: