informa
/
Attacks/Breaches
Quick Hits

Avast-Owned Piriform Releases CCleaner Security Update

The Avast subsidiary has released two new versions of CCleaner following the discovery of a supply-chain attack.

Piriform, a subsidiary of Avast, has released a security notification for CCleaner version 5.34 for Windows 32-bit devices, and CCleaner Cloud version 1.07.3214. This update comes after it was discovered earlier versions of CCleaner were compromised to deliver malware to users.

Earlier this month, researchers found CCleaner and CCleaner Cloud were being illegally altered before they were released to the public. The download for CCleaner v5.33 was accompanied by a multi-stage malware payload, signed using a valid digital signature issued to Piriform.

The presence of a valid digital signature indicates an attacker infected a portion of CCleaner's development or build environment, and used this access to inject malware. It's also possible an insider with access to either environment intentionally inserted malicious code.

The updated releases announced today do not contain the Floxif malware, which was discovered in the 32-bit versions of CCleaner 5.33.6162 and CCleaner Cloud 1.07.3191. Floxif is designed to steal information from victims' systems and download additional malware.

"...the threat has now been resolved in the sense that the rogue server is down, other potential servers are out of the control of the attacker, and we're moving all existing CCleaner v5.33.6162 users to the latest version," says Paul Yung, VP of products. "Users of CCleaner Cloud version 1.07.3191 have received an automatic update."

Read more details here.

Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5