20 September, 2017
Cisco Talos says the malicious version of CCleaner was released on August 15; on September 13 it notified Piriform (CCleaner's UK-based developer, which was acquired by Avast in July) and the server was shut down.
Billing itself as the "world's most popular PC cleaner and optimisation tool", Avast's CCleaner is trusted by consumers to speed up PC and smartphone performance by removing unneeded/unnecessary files.
The company has called this "non-sensitive data" used to profile affected PCs. CCleaner users have received a notification to update to a new version, but Monday's warning is the first time they've been told why.
CCleaner has been downloaded by more than 2.27 million people, who are believed to have been affected by the attack.
Note to criminals: I was not using version 5.33.6162. Users who'd had undetected malware on their computers for (potentially) a month could've had their data stolen or their systems compromised in other ways.
Avast vice-president of products Paul Yung has issued a statement confirming that the 5.33.6162 version of CCleaner and the 1.07.3191 version of CCleaner Cloud were illegally modified before being released to the public. Users of our cloud version have received an automated update.
The virus was unearthed by tech security researchers, and users of the app have been advised to update their software immediately.
Unfortunately, there's very little users could've done to prevent this from happening, as the malware came with an official app, hosted on an official server. The nature of this compromise - getting a backdoor into maintenance software - strongly suggests that criminals managed to gain access to a machine used in the process of producing the CCleaner application.
He apologised for any inconvenience that had been caused and said the company's investigation into the attack was "ongoing".
Talos researcher Craig Williams said it was a sophisticated attack, noting that the optimisation software had a proper digital certificate, which means that other computers automatically trust the program.