Malicious code in CCleaner compromised more than 2 million computers

Photo of author


A malicious code was inserted into a version of computer clean-up tool CCleaner, creating a backdoor in more than 2 million computers and potentially allowing those responsible to take control of the devices, the company said on Monday.

The breach was discovered on September 12 when Piriform – the company that created CCleaner – discovered that its software was sending data to an unknown IP address. An investigation revealed that two programs released in August had been “illegally modified” before being released to the public.

The breach affects CCleaner version 5.33.6162 and CCleaner Cloud version 1.07.3191 on 32-bit Windows systems. About 2.27 million computers are believed to have installed the compromised software, although it’s still unclear whether hackers took control of any of the devices.

In a technical description, the company explained that CCleaner.exe had been modified to create a two-stage backdoor capable of running code sent by those responsible. It also sent encrypted data to the hackers, providing them with the computer’s name, a list of installed software to include Windows updates, a list of running processes, MAC addresses, and the status of administrator privileges.

Paul Young, the vice president of products at Piriform, said in a blog post on Monday that the server used by the hackers was taken down and other potential servers are ‘out of their control.’ Users of version 5.33.6162, however, have been advised to update to the latest version while users of CCleaner Cloud received an automatic update.

“At this stage, we don’t want to speculate how the unauthorized code appeared in the CCleaner software, where the attack originated from, how long it was being prepared and who stood behind it,” Young said. “The investigation is still ongoing. We want to thank the Avast Threat Labs for their help and assistance with this analysis.”

Young apologized to users of CCleaner and said the company is taking “detailed steps internally” to prevent such a breach from happening again. “If you have not already done so, we encourage you to update your CCleaner software to version 5.34 or higher,” he added.

CCleaner was first released in 2003 and allows people to delete temporary or potentially unwanted files to help optimize their computer. Piriform, which was acquired by Avast in July, says CCleaner has been downloaded more than 2 billion times, with an average of 5 million new users every week.

(Copyright 2017 by BNO News B.V. All rights reserved. Info:

Images Courtesy of DepositPhotos