Monday, September 18th 2017

Piriform Hacked, CCleaner August Versions (v5.33.6162) Injected, Compromised

In another large-scale attack that's bound to increase users' awareness on their systems' security, news have broken out that Piriform, creators of the popular CCleaner software tool (estimated to be instaled in some 130 million devices), have suffered a hack on their servers that compromised some installer packages of the software. Piriform, which was purchased by popular security software company Avast last July, was hacked last August, and the changes to the installer packages could potentially allow hackers to control the devices of more than two million users, the company and independent researchers said on Monday.
Specifically, hackers embedded remote administration tools on CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191, tools that then tried to connect to several unregistered web pages, looking to download additional unauthorized programs, according to Cisco's Talos security research unit. Users would have noticed nothing wrong on their systems, since the entire malicious string of code was run under CCleaner's authentic digital certificate. The nature of the attack code suggests that the hacker won access to a machine used to create CCleaner, Talos researcher Craig Williams said.

CCleaner does not feature automatic updates, so if you make use of CCleaner, make sure to check your software version, and force an update through the app. Or better yet, make sure to uninstall the app and install the new, corrected version, which currently stands at 5.34.6207.

Piriform said that Avast, its new parent company, had uncovered the attacks on Sept. 12, with a new, uncompromised version of CCleaner being released the same day. A clean version of CCleaner Cloud took a little while longer to be released, seeing the light of day on Sept. 15. Talos' security Craig Williams said that the issue was detected at an early stage, when the hackers appeared to be collecting information from infected machines, rather than forcing them to install new programs.Source: Reuters
Add your own comment

58 Comments on Piriform Hacked, CCleaner August Versions (v5.33.6162) Injected, Compromised

#1
Frick
Fishfaced Nincompoop
I'll just quote myself:

This is pretty damn bad. Not only were Piriform hacked but the attackers managed to alter their files as kept on their download servers as well? If that is what happened that's a failure on so many levels.
Posted on Reply
#2
StrayKAT
Damn that sucks. I just installed 5.3.4, but even that makes me wary now. Who else makes a simple reg cleaner as well as them?
Posted on Reply
#3
Arrakis+9
Frick said:
I'll just quote myself:

This is pretty damn bad. Not only were Piriform hacked but the attackers managed to alter their files as kept on their download servers as well? If that is what happened that's a failure on so many levels.
Not as bad as loosing 143m users personal info then failing to report on it for months.
Posted on Reply
#4
StrayKAT
Arrakis+9 said:
Not as bad as loosing 143m users personal info then failing to report on it for months.
I understand hackers who do that though..

But going after piriform is just being a jerkoff just for the sake of it.
Posted on Reply
#5
Liviu Cojocaru
I don't think I've updated this software in August, I will uninstall it and install the latest version. I recommend this for everybody who has it installed
Posted on Reply
#6
XiGMAKiD
They're gonna need some security tech tips from their new parent company
Posted on Reply
#7
pigulici
From security point of view: holes, holes everywhere...
Posted on Reply
#8
TheinsanegamerN
"which was purchased by popular security software company Avast last July, was hacked last August,"

And the parent company just figured it out?

*slow clap* what an amazing advisement of your software there avast! truly convincing me that you antivirus isnt going to be dog slow at finding any problems! /s
Posted on Reply
#9
Ed_1
Liviu Cojocaru said:
I don;'t think I've updated this software in August, I will uninstall it and install the latest version. I recommend this for everybody who has it installed
Here what you can do, go to CCleaner installed folder, right click on exe, hit properties>previous version.
highlight it click properties and see what version it was.
For me was 5.32 so I never ran 5.33 even though I DL it.

Then for piece of mind run few scans on system, IMO this is pretty good report at least we know relatively fast.
Posted on Reply
#10
TheMailMan78
Big Member
Its always been a useless program anyway.
Posted on Reply
#11
AlienIsGOD
i dont find it useless, i use it semi regularly. Though im on 5.24 and see no need to update :P
Posted on Reply
#12
Basard
CCleaner was cool when I had a twenty gig hdd.....
Posted on Reply
#13
trparky
Oh good God, I had that version installed. Now I've got both Windows Defender and MalwareBytes scanning my system in full paranoid mode.
Posted on Reply
#14
AlienIsGOD
one of CCleaners most useful functions for me is the registry cleaner, tho i do run the cleaner on my 120GB SSD as its nearly full
Posted on Reply
#15
Solidstate89
Glad I install CCleaner through Chocolatey for the referenced reason in the article about it not having a default automatic updater.
Posted on Reply
#16
RejZoR
TheinsanegamerN said:
"which was purchased by popular security software company Avast last July, was hacked last August,"

And the parent company just figured it out?

*slow clap* what an amazing advisement of your software there avast! truly convincing me that you antivirus isnt going to be dog slow at finding any problems! /s
Lol? You slow there? It show they are efficient if they themselves found it. It would be bad if others had to point it out. And just because someone purchased assets, that doesn't mean they know everything about the newly acquired company.
Posted on Reply
#17
TheMailMan78
Big Member
Avast company got hacked.....llololololol
Posted on Reply
#19
Manu_PT
Funny, we are on the Era of hacking, backdoors, trojans, spy, etc. Why this happens suddenly? Is hacking a new thing? It isn´t, but Windows 10 is the most flawed OS ever from microsoft and no one believes it. The way Windows 10 is built (by modules) makes it that any decent hacker can do what he wants on your system.

Ask any hacker if he prefers to deal with windows 7 or 10, and tell me the answer.
Posted on Reply
#20
Solidstate89
Manu_PT said:
Funny, we are on the Era of hacking, backdoors, trojans, spy, etc. Why this happens suddenly? Is hacking a new thing? It isn´t, but Windows 10 is the most flawed OS ever from microsoft and no one believes it. The way Windows 10 is built (by modules) makes it that any decent hacker can do what he wants on your system.

Ask any hacker if he prefers to deal with windows 7 or 10, and tell me the answer.
No one believes Windows 10 is the most flawed because it isn't true. In every single technical way, Windows 10 is far harder to compromise than Windows 7 ever was or will be. The same was true for Windows 8. Ever since Microsoft began giving a shit about security of their system with Windows Vista and the introduction of UAC (a functional equivalent that Linux Distros have had for more than a decade) every OS has been harder to crack than the last.

What your off-topic raving has anything to do with Piriform's servers being broken into, no one knows.
Posted on Reply
#21
NightOfChrist
The article could use more details.

According to Piriform's official statement, it was mentioned that the issue affected the 32-bit version of CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191.
The 64-bit version of CCleaner was not mentioned at all.
And I assume this is about the installer version of CCleaner, not the portable version, although further details and/or confirmations from Piriform regarding this matter is required.
Posted on Reply
#22
neatfeatguy
I haven't updated my CCleaner for a good long while. I rarely use it. When I do, it's generally just to clean out the temp folders. I'm still back on version 5.06.5219.

I always, out of force of habit, disable any programs from automatically updating when possible. I'll pick and choose when I want to update something.
Posted on Reply
#23
WootyB
Manu_PT said:
Funny, we are on the Era of hacking, backdoors, trojans, spy, etc. Why this happens suddenly? Is hacking a new thing? It isn´t, but Windows 10 is the most flawed OS ever from microsoft and no one believes it. The way Windows 10 is built (by modules) makes it that any decent hacker can do what he wants on your system.

Ask any hacker if he prefers to deal with windows 7 or 10, and tell me the answer.
How is this relevant at all?? This has NOTHING to do with OS versions inside the Windows OS family. Because the infected code was injected into the software with a VALID, TRUSTED signature, this would've infected your Windows 8 and Windows 7 PC just the same. Literally has no weight on how the attack functions. Actually if you are scared about security and don't want to go to Unix, don't use an outdated OS that's not receiving the lastest security security patches, for example, anything below 10. Not only are you compromising yourself but you aren't getting benefits such as DirextX 12 if you game, nor comparability for new devices such as AR and VR, Hello/Biometrics, newer CPU support etc.

Also not sure why Piriform is getting a bad wrap, it actually caught the flaw before most larger companies do. Do a search for Intel AMT flaw, a far worse security flaw that was open for several years before they found it, still affects most PC's with AMT activated.

Yes, it's safe to still use CCleaner, and kudos for being informed enough to find this article and keep yourselves in the know. If you work in a Medical industry like me, Security is number one, and if we dropped every piece of software that's ever been compromised we couldn't function. My recommendations is to continue staying informed by looking into security advisories just like this, and make sure you are running the latest security updates from Microsoft and your Antivirus.
Posted on Reply
#24
trparky
WootyB said:
don't use an outdated OS that's not receiving the lastest security security patches
Technically Windows 7 is still supported with security patches.
Posted on Reply
#25
rtwjunkie
PC Gaming Enthusiast
TheinsanegamerN said:
"which was purchased by popular security software company Avast last July, was hacked last August,"

And the parent company just figured it out?

*slow clap* what an amazing advisement of your software there avast! truly convincing me that you antivirus isnt going to be dog slow at finding any problems! /s
Go read Piriform's business info. Avast just purchased them in July 2017. This is not long ago at all.

As with any merger/acquisition, it takes awhile before the new company and its practices are changed to mirror the new parent company.

Time wise, this isn't bad at all.
Posted on Reply
Add your own comment