CCleaner Malware Hack: What to Know and How to Protect Yourself

If you use a software tool called CCleaner to keep your Windows PC humming smoothly, keep reading: the utility was just indicted by Piriform, the British company that makes CCleaner, in a troubling blog post.

In short, it seems a recent version of CCleaner — as well as related product CCleaner Cloud (the online version) — were infiltrated by hackers and weaponized with malware of the sort that harvests and transmits user data for nefarious purposes.

The activity was discovered on September 12, and while Piriform says it’s already patched CCleaner Cloud, users running CCleaner will need to upgrade immediately.

Here’s everything you need to know.

What is CCleaner?

CCleaner, which software maker Piriform bills as “the number-one tool for cleaning your PC,” is a software optimization tool designed to tidy up Windows PCs by removing extraneous software and browser data. It’s available in both free and paid versions, including a professional business profile. All versions include claimed computer speedups and privacy protection, while the paid versions add extras like real-time monitoring, scheduling, automatic updates and better support.

CCleaner Cloud is the online version of the tool, designed to perform similar duties but on a broad array of computers centrally controlled through a web browser. Since Piriform controls this version of the tool in-house, it’s already been updated to eliminate the malware, says the company.

What just happened to CCleaner?

Piriform says it first detected a problem on September 12, when it noticed an unknown IP address receiving data from software found in recent versions of the software. After investigating further, it determined these versions were modified illicitly before their release to users.

How many people are at risk?

Avast, the multinational cybersecurity firm that recently bought Piriform, says it believes the compromised software was installed on 2.27 million machines.

“We believe that these users are safe now as our investigation indicates we were able to disarm the threat before it was able to do any harm,” the company said in a press statement. “There is no indication or evidence that any additional ‘malware’ has been delivered through the backdoor,” it added.

Am I at risk from malware?

Anyone specifically using the 32-bit Windows version of CCleaner is at risk. But since the free version of the tool doesn’t appear to include automatic updates, it stands to reason that anyone running the free version is significantly more at risk, since these users would need to manually download the update. Regardless, if you’re running any version of CCleaner, you’ll want to ensure you’ve updated to the latest version immediately.

Which versions of CCleaner have the malware?

Piriform says it believes the 32-bit Windows version 5.33.6162 of CCleaner and version 1.07.3191 of CCleaner Cloud were modified illicitly before their release to users.

What does the malware do?

According to Avast, the malware attempts to transmit information like computer names, IP addresses, installed software, active running software, network adapter information and more, to a server located in the United States.

What is Piriform doing to remedy the problem?

The company has already updated both the online and downloadable versions of CCleaner. It has also contacted law enforcement and says it’s “worked with them on resolving the issue.” The company also says that “the threat has now been resolved in the sense that the rogue server is down, other potential servers are out of the control of the attacker, and we’re moving all existing CCleaner v5.33.6162 users to the latest version.”

In other words, says the company, “to the best of our knowledge, we were able to disarm the threat before it was able to do any harm.”

What version of CCleaner eliminates the malware?

Piriform says users should update to CCleaner version 5.34 or higher. You can download the newest version here.

Who hacked CCleaner?

It’s not yet clear, and Piriform is declining to speculate. The company says the investigation is “still ongoing.”

Is there anything else Piriform needs to do?

The company has already apologized for the incident and says it’s “taking detailed steps internally so that this does not happen again.” At the very least, it would seem adding automatic updates to all future iterations of its products, including the free ones, would go a long way toward mitigating potential future threats.