CCleaner, one of the most popular system utility apps, with more than 2 billion downloads and more than 2 million active users, has been compromised to distribute malware directly to its users.
A report by Cisco Talos states that the app was shipped with a malicious payload capable of downloading and executing further software on infected machines, including ransomware and keyloggers.
Its parent company Avast and developer Piriform have confirmed the report, but say they have found no evidence that the backdoor was used to install additional malware.
CCleaner is an application that lets users perform routine maintenance on their systems. It cleans temporary files, analyses the system for ways to improve performance, and provides a more streamlined way to manage installed applications.
In its initial analysis Talos found that the downloaded installation executable was signed with a valid digital signature issued to Piriform, but CCleaner was not the only thing that came with the download. The 32-bit CCleaner binary installed by CCleaner 5.33 also contained a malicious payload featuring a Domain Generation Algorithm (DGA) as well as hardcoded Command and Control (C2) functionality. Because the payload was present in a file carrying Piriform's valid signature, and that file was served from Piriform's official download servers, this was a trojanized build of the legitimate app rather than a fake copy: a valid signature proves who signed the file, not that the build it signs is clean.
Talos' report warns that the malware was found in CCleaner version 5.33, which was actively distributed between August 15 and September 12. Worse, Avast chief technical officer Ondrej Vlcek said that the infected version of CCleaner was downloaded by 2.27 million users.
"On September 13, 2017 while conducting customer beta testing of our new exploit detection technology, Cisco Talos identified a specific executable which was triggering our advanced malware protection systems. Upon closer inspection, the executable in question was the installer for CCleaner v5.33, which was being delivered to endpoints by the legitimate CCleaner download servers." - Talos says in its report.
If you use CCleaner, you may be running the infected version. Check which version is installed; if it is 5.33, go to Piriform's official site, download the latest release and install it. Also update your security software (antivirus) and run a full system scan.
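The following PowerShell script is an added example, not code from the article, Talos or Piriform, for checking a Windows machine for the affected build. It assumes CCleaner is installed under one of the two default Program Files paths (adjust $paths otherwise) and uses only the 5.33 version number given above; it also prints the Authenticode signature status to make the point that a "Valid" Piriform signature is exactly what the trojanized build carried and therefore does not clear the file.

```powershell
# Added example (not from the original article): locate CCleaner.exe, report its
# version, signer and SHA-256, and warn if it is the trojanized 5.33 build.
# Assumption: default install locations; edit $paths for non-standard installs.
$paths = @(
    "$env:ProgramFiles\CCleaner\CCleaner.exe",
    "${env:ProgramFiles(x86)}\CCleaner\CCleaner.exe"
)

$found = $false
foreach ($exe in $paths) {
    if (-not (Test-Path -Path $exe)) { continue }
    $found = $true

    $ver = (Get-Item -Path $exe).VersionInfo          # file version resource
    $sig = Get-AuthenticodeSignature -FilePath $exe    # signer and chain status
    $sha = (Get-FileHash -Path $exe -Algorithm SHA256).Hash

    "{0}`n  version : {1}.{2}`n  signer  : {3}`n  sigstat : {4}`n  sha256  : {5}" -f `
        $exe, $ver.FileMajorPart, $ver.FileMinorPart,
        $sig.SignerCertificate.Subject, $sig.Status, $sha

    # The affected build is 5.33 and was signed with Piriform's own certificate,
    # so a signature status of "Valid" is NOT evidence that the file is clean.
    if ($ver.FileMajorPart -eq 5 -and $ver.FileMinorPart -eq 33) {
        Write-Warning "CCleaner 5.33 found at $exe. Install the latest version from Piriform and run a full AV scan."
    } else {
        Write-Output "  not the 5.33 build."
    }
}

if (-not $found) {
    Write-Output "CCleaner.exe not found in the default install paths."
}
```

Run it in an elevated PowerShell prompt so the file and certificate details are readable. Record the SHA-256 it prints: if you later obtain a list of known-bad hashes from Avast or Talos, you can compare against it instead of relying on the version number alone.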