August's version of CCleaner was compromised

CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 were both affected by this hack

August's version of CCleaner was compromised

August's version of CCleaner was compromised

Piriform has confirmed that last month hackers were able to gain access to their servers and inject malicious software into both CCleaner and CCleaner Cloud (CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191), leaving two million users at risk.  
Thankfully, CCleaner does not auto-update, limiting this exploit to new downloads of the program. This exploit gave game CCleaner remote administration tools that tried to connect to several unregistered webpages, which could have been used to download more unauthorised programs. More startling is the fact that there was no way to know that your machine was exploited.

Piriform's CCleaner is a trusted program for a large number of PC users, with 2.27 million users downloading the compromised version of CCleaner and around 5,000 users downloading the compromised version of CCleaner Cloud. The attack was originally uncovered by Avast, Piriform's parent company, on September 12th, with a new uncompromised version of CCleaner releasing on the same day and a uncompromised version of CCleaner Cloud releasing on September 25th. 
In conjunction with US law enforcement, Piriform has been able to shut down the server which traffic from compromised machines was directed to. It is said that this server was shut down "before and known harm was done".
Our advice is that users of CCleaner check their apps version number to see whether or not they are using a compromised version. Users of these malicious versions of CCleaner should uninstall the app immediately and install an up-to-date version to replace it. 


August's version of CCleaner was compromised  

Right now it looks like hackers were using this exploit to collect information from infected machines, rather than use the exploit to install ransomware or additional malicious applications. 

Today's version of CCleaner does not contain this exploit (v5.34.6207). 


You can join the discussion on Piriform's CCleaner being compromised on the OC3D Forums


«Prev 1 Next»

Most Recent Comments

18-09-2017, 09:00:43

Lol, I deemed this software rather disruptive and destructive a long time ago, already.Quote

18-09-2017, 09:21:09

only the 32 bit version was affected.Quote

18-09-2017, 14:38:54

I've already updated without the uninstall, should be okayQuote

20-09-2017, 08:53:12

Originally Posted by Peace Ð View Post
Lol, I deemed this software rather disruptive and destructive a long time ago, already.
I use this in my computer store. It's quite good and we put it on ALL of our systems. If you use the correct settings it's perfectly safe.

Good that they caught this and fixed it quickly. Well done Piriform. Quote

20-09-2017, 09:07:59

I had that version installed, but I didn't download it from Piriform but rather Filehippo. Not sure that version was infected as I scanned my entire system with 3 different AV software. Nothing was found.Quote

Register for the OC3D Newsletter

Subscribing to the OC3D newsletter will keep you up-to-date on the latest technology reviews, competitions and goings-on at Overclock3D. We won't share your email address with ANYONE, and we will only email you with updates on site news, reviews, and competitions and you can unsubscribe easily at any time.

Simply enter your name and email address into the box below and be sure to click on the links in the confirmation emails that will arrive in your e-mail shortly after to complete the registration.

If you run into any problems, just drop us a message on the forums.