Cisco’s Talos cyber security team discovered that hackers had covertly infiltrated the servers of Avast, the cyber security software company that owns CCleaner, and added malware into a version of CCleaner as it was being built.
In an ironic turn of fate, software designed to help stop the spread of malicious code had been turned into a carrier of malware. The Talos team said that the CCleaner 5.33 and CCleaner Cloud 1.07.3191 tools were infected, and it believes that around two million users are at risk from the malware, which has the potential to steal data.
The Talos team quickly alerted Avast to the infection, and the security company moved to fix the situation by purging the hackers from its server and releasing a patched version of CCleaner; people with version 5.34 should be safe from the malware.
However, people with older versions of the tool may still be at risk, though there have yet to be any reports of the hackers using their hidden malware to cause problems and pinch private information.
This form of cyber attack is known as a supply chain attack, and it is a particularly effective way to distribute malware because it exploits the trust between software providers and their users. CCleaner has been a trusted tool for PC maintenance for years, and as such many people wouldn’t imagine it harbouring malware.
In such cases, the onus of security rests on the software supplier's shoulders, but you can still help keep your cyber security defences up by ensuring you have anti-virus and anti-malware software from a reputable brand and by keeping that software updated.