CCleaner Gets Infected – 2.3 Million Users Affected

In a recent software security incident, the Avast-owned CCleaner security app was found to be infected with a malware backdoor.
 
According to the official blog of Piriform (an Avast undertaking), a security backdoor was discovered in CCleaner version 5.33.6162 and CCleaner Cloud version 1.07.3191, both used by 32-bit Windows users.
 
 
This backdoor allowed further malware, such as ransomware and keyloggers, to be downloaded. It is estimated that around 2.27 million CCleaner users were running the infected software. However, the company claims that the threat caused no known major harm.
 
The breach was discovered by security researchers at Cisco’s Talos. In a blog post, the Cisco Talos researchers write:
 
“Talos recently observed a case where the download servers used by software vendor to distribute a legitimate software package were leveraged to deliver malware to unsuspecting victims. For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner. CCleaner boasted over 2 billion total downloads by November of 2016 with a growth rate of 5 million additional users per week. Given the potential damage that could be caused by a network of infected computers even a tiny fraction of this size we decided to move quickly. On September 13, 2017 Cisco Talos immediately notified Avast of our findings so that they could initiate appropriate response activities. The following sections will discuss the specific details regarding this attack.”
 
Despite the company’s claim of no harm, the incident has become a big concern for users and puts a big question mark over the security software provider Avast’s ability to deal with such attacks in the future. If you are a CCleaner user, you are advised to update to the latest version.
 
For more information and technical details, you can visit the Piriform blog or Talos Blog.