The CCleaner Hack: What You Need To Know

By now, you’ve probably heard that popular system cleaner CCleaner (short for “Crap Cleaner”) was compromised by hackers, who inserted malware into it because hackers have a sense of irony like anyone else. So what happened, and how do you stop it?

First off, the good news: This malware wasn’t around long and is easy to fix. The compromised builds were only available in a fairly narrow span of time, August 15th to September 12th, in the 32-bit versions of CCleaner 5.33.6162 and CCleaner Cloud 1.07.3191. So if you didn’t download those versions, or downloaded CCleaner before or after that time frame, you should be fine. If you did, you should upgrade to the new version of CCleaner immediately, as the program doesn’t auto-update. Look for CCleaner Cloud 1.07.3214 and CCleaner 5.34. Once you upgrade, you’re safe, although running a scan of your computer would be a good idea.

The malware, Floxif, also only targeted “admin” level accounts on computers, so if you have a separate account for your elderly grandmother who downloads everything, it likely never kicked in. Also, it appears the malware simply collected information about the computers it was installed on; while Floxif can download and execute other forms of malware, Avast, CCleaner’s distributor, hasn’t found evidence it did so.

The details are still being reconstructed, but it appears hackers compromised the server the CCleaner executable (i.e. the program you download) was stored on and added the malware on top of it, sort of like somebody sneezing on your salad before handing it to you. Because CCleaner had a valid digital certificate, essentially a hall pass, the malware was installed without anti-virus software catching wind of it.

It’s not clear who did this or why. That’s still unfolding. But at least the fix is easy and the lesson is simple: When it comes to downloading software, trust, but verify.

(via The Verge)
