Hackers have successfully breached CCleaner’s security to inject malware into the app and distribute it to millions of users. Security researchers at Cisco Talos discovered that download servers used by Avast (the company that owns CCleaner) were compromised to distribute malware inside CCleaner.
CCleaner Version 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner. CCleaner has been downloaded more than 2 billion times according to Avast, making it a popular target for hackers.
CCleaner is a software utility that wipes out application leftover garbage, can view the registry for entries no longer wanted, remove applications, etc. Piriform believes that all users are now safe but the real question is how was this even possible to happen.
Trusted by consumers and businesses, CCleaner will lose some of the trustworthiness they have built over the years. The malware itself appears to have been designed to use infected PCs as part of a botnet.
The hackers have proven that this could lead to other companies not securing their software. The danger is that anyone who allows their people to not protect their workstations from the outside world can affect millions others. Similar things have happened to Equifax and Sony, if you do not have the latest Anti-Virus software on your workstation you need to make sure you are protected today.
A end user can remove the CCleaner application for now and run a malware check on your machine for protection.