In a posting on Cisco’s Talos security blog published on Monday, it was revealed that version 5.33 of CCleaner was infected with a form of malware.
So what does this malware do? Well, once you have downloaded version 5.33 of CCleaner onto a PC running Windows, it will then steal information from your computer. We are talking about the name of the computer, the MAC address of network adapters and what software is installed on it, to name but a few of the things that it takes. Once the malware has this information, it then sends it to an unknown location.
According to Piriform, there were about 2.27 million computers that downloaded the affected version of CCleaner. That’s a lot of computers.
For a bit of context, CCleaner is a piece of software that you would put onto a PC running Windows to help you clean it up by getting rid of stuff that you do not need: uninstalling programs and emptying your web browser’s cache (be it Google Chrome, Mozilla Firefox or another browser). It can also help to clean out the registry in Windows. It’s been downloaded over two billion times since it was first released in 2003.
Of course, Piriform has pushed out a newer version of CCleaner that you can download from the Piriform website. I would highly recommend uninstalling the current version that you have and installing the one that comes from the above link.
You could look at this as a trojan horse in that on the surface you think you are getting a copy of CCleaner. However, underneath the surface there is some malware being loaded onto your computer doing some nasty stuff.
As much as it pains me to say this, it seems like attacks through software updates are starting to become commonplace. This is the latest example of this.
What makes this more shocking is that it was done through software that a lot of people trust on a daily basis (from a software developer that people trust). You see, we’ve grown to trust a lot of the software that we download (be it CCleaner, LibreOffice, VLC Media Player or something else), and because it comes from the developer/publisher we expect that there is no malware in it. Unless they know what’s been going on “behind the scenes” (as it were) or actually go out and do some reading, there are a few people who might think that Piriform are doing this on purpose (when they are not).
Now that malware developers know that this is possible, they will set their eyes on a larger target.
This is why it’s important to download software from an official source (like the Piriform website, the App Store on your iOS device, the Google Play Store on an Android phone/tablet or the relevant website for the software) instead of going to some third party (even if it’s a trusted one). For example, let’s say you need to download the Twitter app on your Samsung smartphone: rather than going to some dodgy website to do that, you have to go to the Google Play Store. The same thing applies with an iPhone: rather than jailbreaking it and downloading software from somewhere else, download it from the App Store.
Additionally, it’s important to update your software on a regular basis. Most important of all, there is some responsibility on the software developers (like Piriform) to get these backdoors, security holes and more patched up as quickly as they can and then push out those updates as quickly as possible.