CCleaner infected by Malware

Piriform, developer of the system cleaning tool CCleaner, has reported that version 5.33.6162 of the tool and CCleaner Cloud version 1.07.3191 were infected by malware. According to them, “an unauthorized modification of the CCleaner.exe binary resulted in an insertion of a two-stage backdoor capable of running code received from a remote IP address on affected systems”.

Piriform now belongs to security solutions provider AVAST, which completed the acquisition in July this year. The news was compounded by the fact that the security breach was noticed first by Cisco Talos and not AVAST or Piriform.

What happened?

In distribution since August, version 5.33.6162 of CCleaner was noticed by Talos on September 12th. The company noticed that an unknown IP address began to receive data from CCleaner and CCleaner Cloud on 32-bit Windows systems.

Further investigation by Cisco Talos found that this particular version of CCleaner and CCleaner Cloud had been modified before public release. The company then contacted law enforcement units and began work to mitigate the issue.

At this point in time, the rogue server controlling the malware is down and CCleaner users are being migrated to newer (and hopefully cleaner) versions.

What has Piriform done?

While it seems that Cisco Talos has taken care of this incident, Piriform’s response has attracted attention. In one short paragraph, the company seemed to not only shrug off comment but also pull now-owner AVAST under the rug as well.

“At this stage, we don’t want to speculate how the unauthorized code appeared in the CCleaner software, where the attack originated from, how long it was being prepared and who stood behind it. The investigation is still ongoing. We want to thank the AVAST Threat Labs for their help and assistance with this analysis,” said Paul Yung, VP Products at Piriform.

This distinct show of a lack of concern and responsibility seems even more alarming given that AVAST itself released a report less than a week ago warning of a 40 percent increase in mobile cyberattacks.
