If you downloaded or upgraded the CCleaner application on your computer system between August 15 and September 12 of this year from its official website, then pay attention: your computer system has been compromised.
CCleaner is a popular application with over 2 billion downloads, developed by Piriform and recently acquired by Avast, that enables users to clean up their system to optimize and improve performance.
Security researchers from Cisco Talos found that the download servers used by Avast to let users download the application were compromised by unidentified hackers, who replaced the original version of the application with a malicious one and distributed it to millions of users for around a month.
Avast and Piriform have both confirmed that the Windows 32-bit version of CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 were affected by the malware.
Discovered on 13 September, the malicious version of CCleaner includes a multi-stage malware payload that steals information from infected computer systems and sends it to the attacker's remote command-and-control servers.
Furthermore, the unidentified hackers signed the malicious setup executable (v5.33) using a legitimate digital signature issued to Piriform by Symantec and used a Domain Generation Algorithm (DGA), so that if the attackers' server went down, the DGA could produce new domains to receive and send stolen info.
The malicious application was programmed to gather a great deal of user information, including:
Computer system name
List of installed software, including Windows updates
List of all running processes
IP and MAC addresses
Extra info like whether the process is running with admin privileges and whether it is a 64-bit system.
According to the Talos researchers, around 5 million people download CCleaner (or Crap Cleaner) every week, which suggests that more than 20 million people could have been infected with the malicious version of the app. However, Piriform estimated that approximately 3 percent of its users (approximately 2.27 million people) were affected by the malicious setup.
Affected users are strongly advised to upgrade their CCleaner application to version 5.34 or higher, in order to secure their computer systems from being compromised. The most recent version is available for download from Download.hr.
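For administrators who need to apply the version guidance above across many machines, the following is an added example (not code from Avast, Piriform or Talos) that triages a software inventory against the two affected builds and the 5.34 upgrade threshold. The inventory layout, hostnames and the non-affected version numbers are constructed assumptions; because such an inventory rarely records binary bitness, it matches on version alone, which is a conservative superset of the 32-bit build.

```python
import csv
import io

# Builds named in the article as carrying the malicious payload.
AFFECTED = {("ccleaner", (5, 33, 6162)), ("ccleaner cloud", (1, 7, 3191))}
# The article advises upgrading CCleaner to 5.34 or higher.
MIN_SAFE_CCLEANER = (5, 34)

# Constructed sample inventory: hosts, layout and unaffected versions are made up.
SAMPLE_INVENTORY = """host,product,version
ws-001,CCleaner,v5.33.6162
ws-002,CCleaner,5.34.0
ws-003,CCleaner Cloud,1.07.3191
ws-004,CCleaner,5.30.0
ws-005,CCleaner,unknown
ws-006,Example App,1.0
"""


def parse_version(text):
    """Return a tuple of ints for 'v5.33.6162'-style strings, or None if unparseable."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)  # "07" -> 7, so 1.07.3191 == 1.7.3191


def classify(product, version_text):
    name = product.strip().lower()
    if name not in ("ccleaner", "ccleaner cloud"):
        return "not-applicable"
    version = parse_version(version_text)
    if version is None:
        return "check-manually"  # never treat an unreadable version as clean
    if (name, version) in AFFECTED:
        return "affected"
    if name == "ccleaner" and version < MIN_SAFE_CCLEANER:
        return "upgrade"  # not a listed build, but below the advised 5.34
    return "ok"


def triage(inventory_csv):
    """Map each host in the CSV text to its triage status."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["product"], r["version"]) for r in rows}


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "affected" ran a build that, per the article, sent system information to the attackers' servers, so they warrant investigation beyond the upgrade itself.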