CCleaner, distributed by anti-virus firm Avast, contained malicious backdoor

DNS requests for Floxif DGA domains

In November past year the CCleaner app was downloaded more than 2 billion times, according to the company, and is installed by desktop users at a rate of 5 million a week.

The company's security researchers said they noticed that the malware tried to connect computers to unregistered websites in order to remotely download more harmful programs directly into users' computers.

CCleaner, software that is created to speed up PC and smartphone performance by removing unneeded or unecessary files, is the latest victim of hackers hijacking legitimate software to spread malware and gain access to infected systems.

A computer program used to help your PC run faster has reportedly become the latest victim of hackers looking to breach the security of millions of its users. Piriform recommends users of CCleaner version 5.33.6162 and CCleaner Cloud version 1.07.3191 to download new versions of the software.

The company also added that the rogue server is down and other potential servers are out of the control of the attacker. CCleaner users need to install version 5.34 or higher. Today, developer Piriform has acknowledged that recent versions of CCleaner and CCleaner Cloud have been compromised with a hidden backdoor, though the company says that it has since disarmed the threat (via Windows Central). The malware was discovered by Cisco Talos on September 13, and Avast was notified immediately.

The bug affects anyone who downloaded CCleaner version 5.33 or updated their version between August 15 and September 12.

Business and consumer users of Piriform's CCleaner software are being urged to ensure they are using the latest versions that do not contain a hacker-inserted backdoor.

The CCleaner is a popular tool for cleaning out "crap-ware", helping remove temporary files, browser caches, log files and other junk from a system.

Cisco said its records showed hundreds or thousands of systems attempting to access the control servers specified by the malware during the period it was being installed by CCleaner. It appears to have been an exploit of the CCleaner installer's download server, meaning that whenever anyone downloaded the software via official means, they also unwittingly downloaded a piece of malware. This version of CCleaner had a valid digital signature issued to Piriform, the company that makes CCleaner and which was recently acquired by Avast. Now, it's easier to attack the download source, gaining access into legitimate servers.

Piriform, the firm behind CCleaner, has now published a blog apologizing to its customers.

Piriform and Avast continue the investigation in order to find out how this compromise happened, who did it, and the hackers' ultimate goal.

Yung declined to speculate on how the code appeared in CCleaner or where the attack originated from.

Related:

Comments

Latest news

'Tez' designed to make e-payments simple, secure: Google
Support for the government-backed UPI ( Unified Payments Interface ) means the service is compatible with a number of major banks. The new mobile application enables you to send and receive money from friends by linking up your bank accounts to your mobile.

The Week 4 Coaches' Poll Top 25 Is Out
I flipped Oklahoma State and Ohio State in the eighth and ninth spots this week on the basis of the Cowboys' work at Pitt. LSU fell all the way from 12th to 25th after getting smoked by Mississippi State , 37-7, on Saturday evening.

Hurricane Irma hits Florida again, this time at the gas pump
Energy Information Administration , both hurricanes led to higher than average gas prices over the last couple of weeks. The decline in price is the first reported since August 21 when prices declined by three cents per gallon.

Coutinho and Liverpool frustrated as Burnley punish dodgy defence
FW Mohamed Salah , 7 - Very lively in the first half and had several efforts on goal, the best of which resulted in the equaliser. Burnley have made a promising start to the season under manager Sean Dyche .

Spectators injured as stand partially collapses in Durham
While thankful for having won West Indies a trophy off his own bat, Brathwaite's goal now is for consistent worldwide success. Brathwaite didn't not feature in the preceding Test series , which England claimed 2-1 after winning the 3rd Test at Lord's.

More Than 200000 Rohingya Children In Urgent Need Of Help
But with more than 230,000 children estimated to have arrived in Bangladesh , many more will need help, Mr. Matthew Rycroft said it was the first statement from the Security Council on Myanmar in nine years.

Rampant Manchester City looking more like a Guardiola team
This is the fifth League match for both of them, while Watford had two wins and two draws by playing four matches so far. We tried to sign one more during the market because we know some of the players here have had some problems in the past.

A 'Blade Runner' Anime is Coming From the Director of 'Cowboy Bebop'
We see a shadowy figure emerging from smoke and fire, and a hooded girl who is likely the protagonist of the short. The brief video above also offers a closer look at its test animation, concept art, and some actual footage.

Jose predicted to become tropical storm
After the Caribbean was left devastated by Hurricane Irma last week , there was worry that Jose could do further damage. The report added that "tropical-storm-force winds extend outward up to 115 miles from the center".

Baby No. 2 on way for Adam Levine and wife Behati Prinsloo
Maroon 5 is now prepping their new studio album while Prinsloo is gearing up for Victoria's Secret Fashion in Shanghai, China. To some, Behati's second pregnancy will not come as a surprise. "I'm an only child so I wanted like 10 kids.for sure".

Trump mulls capping refugee quota at lowest level since 1980
Both moves were overturned in federal courts until the Supreme Court agreed in June to review the ban this October. With the Supreme Court's order on Tuesday, these have prevented the above rulings from going into effect for now.

Canelo Alvarez-Gennady Golovkin Press Conference Live Stream & Video
As Golovkin struggled to maintain the energy of the bigger man, the latter claimed later that GGG is not all he's made up to be. Canelo Alvarez Fight: Need to KnowWhere Is It? Styles really do make fights, and these are two fighters with explosive styles.

Man Utd v FC Basel: Hosts set to make thrilling winning start
The Manchester United defence needs to be up to the mark today, as Basel boast of a star poacher in Ricky van Wolfswinkel . He said: "To be back in the Champions League is just to go back to the natural habitat for Manchester United ".

Category 4 Hurricane Irma bearing down on Florida Keys
Last October, Hurricane Matthew knocked out 1.2 million FPL customers as it skirted Florida's east coast without making landfall. Its outer bands were also blowing into Georgia, where the storm's center was expected to arrive later in the day.

Tank failures in Harvey reveal vulnerabilities in storm
The measure will replenish depleted emergency accounts as Florida braces for Hurricane Irma and Texas recovers from Harvey.

Other news