The Avast subsidiary has released two new versions of CCleaner following the discovery of a supply-chain attack.

Dark Reading Staff, Dark Reading

September 20, 2017

1 Min Read

Piriform, a subsidiary of Avast, has released a security notification for CCleaner version 5.34 for Windows 32-bit devices, and CCleaner Cloud version 1.07.3214. This update comes after it was discovered earlier versions of CCleaner were compromised to deliver malware to users.

Earlier this month, researchers found CCleaner and CCleaner Cloud were being illegally altered before they were released to the public. The download for CCleaner v5.33 was accompanied by a multi-stage malware payload, signed using a valid digital signature issued to Piriform.

The presence of a valid digital signature indicates an attacker infected a portion of CCleaner's development or build environment, and used this access to inject malware. It's also possible an insider with access to either environment intentionally inserted malicious code.

The updated releases announced today do not contain the Floxif malware, which was discovered in the 32-bit versions of CCleaner 5.33.6162 and CCleaner Cloud 1.07.3191. Floxif is designed to steal information from victims' systems and download additional malware.

"...the threat has now been resolved in the sense that the rogue server is down, other potential servers are out of the control of the attacker, and we're moving all existing CCleaner v5.33.6162 users to the latest version," says Paul Yung, VP of products. "Users of CCleaner Cloud version 1.07.3191 have received an automatic update."

Read more details here.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights