CCleaner Compromised – TweakHound


For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner… During the installation of CCleaner 5.33, the 32-bit CCleaner binary that was included also contained a malicious payload that featured a Domain Generation Algorithm (DGA) as well as hardcoded Command and Control (C2) functionality. We confirmed that this malicious version of CCleaner was being hosted directly on CCleaner’s download server as recently as September 11, 2017.
Talos Blog – CCleanup: A Vast Number of Machines at Risk
This may be big. News of this was all over the web this morning.
The only advice I have as of now is to uninstall CCleaner. A newer version of CCleaner is out (v5.34), but it is unknown if this eliminates the problem. AFAIK the portable versions are not infected.
This may only affect 32-bit users.
