[HACKED] A Reminder To Be Vigilant
Piriform, developer of the popular CCleaner software, issued a security bulletin on September 18, 2017. Somehow, malware sneaked into recent versions of CCleaner and CCleaner Cloud. Here is what you need to know...
What Happened to CCleaner?
CCleaner was hacked, and over 2 million users were affected -- this much we know. According to the Piriform security bulletin, the infected CCleaner versions were released in August; specifically, they are CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191. If you have either of those, you should immediately uninstall it and, if necessary, update to the latest version of the program.
If there's any good news here, it is this: The malware that snuck into CCleaner is odd in that it doesn’t do very much. It just sniffs out the victim’s the computer name, IP address, list of installed software, list of active software and list of network adapters and transmits them to a server located in the US. My understanding has always been that any software running locally can access ANYTHING on that machine. So why collect and transmit only this data, which seems harmless?
That rogue data collection server has been shut down. But what the perpetrators hoped to do with this information is anyone’s guess. Mine is that they are scouting older Windows systems in hopes of finding the ones that are unpatched, (perhaps Windows XP machines) and later targeting them with some other customized attack.
The CCleaner malware has been found only on 32-bit Windows systems. That doesn’t mean you can keep the infected versions if you have a 64-bit system. Once the malware was discovered, Piriform pushed out a cleaner CCleaner. Be safe and upgrade to the latest version of CCleaner. Users of CCleaner Cloud will be automatically updated.
The malware also infected mobile devices. Piriform claims 130 million total users of CCleaner, including 15 million Android users. If you have the mobile version of CCleaner, remove or update it ASAP. (There is no CCleaner for Apple iOS devices, such as the iPhone or iPad.)
Piriform claims that 2,270,000 of CCleaner’s users have been infected and their system specs transmitted to an unknown party. The fact this malware hasn’t done any significant harm is some comfort, but the question of how these versions of CCleaner got loaded with malware remains.
An Inside Job?
Piriform says the affected versions of CCleaner were infected before they were released to the public. That means it was an inside job; an employee, contractor, or perhaps a software tester slipped the malware into the final versions. That mole may still be in Piriform. The company says they are investigating, and have moved to a new development platform that should prevent this from occurring in future versions.
The Google Play Store screens apps before making them available to download. Obviously, this malware slipped through. It’s not the first malware that has evaded Google Play’s detection; Google removed nearly 100 apps in the past month after users and security researchers reported that the apps did dastardly deeds. Even the best malware detectors are not perfect.
If you have the Google Play Store app on your phone, you automatically have constant anti-malware protection. Open the Play Store app, tap the “three bars” icon in the upper left corner, scroll down a page, and tap “Play Protect.” The slider switch at the bottom right corner of the Play Protect screen should be in the “on” position. If so, Play Protect is constantly scanning all of the apps on your phone. If it detects potential malware, it will alert you. If an app is trying to do something destructive, Play Protect will delete it.
As Good As it Gets
The moral of this tale - aside from “update CCleaner now” - is that you can’t count on anyone else to protect you against malware. Downloading apps only from Google Play Store does not provide 100% security. Neither does getting free software direct from a "trusted" developer. In this case, CCleaner was infected before it left Piriform’s offices.
It's troubling that this malware went undetected for a month. I'm also concerned because Piriform says: "At this stage, we don’t want to speculate how the unauthorized code appeared in the CCleaner software, where the attack originated from, how long it was being prepared and who stood behind it."
So what are the chances that other popular freeware used by millions of people are also similarly affected? After learning about this hack, I'm forced to assume the worst. The best you can do is to keep anti-malware protection running on your local PC and mobile devices at all times, and stay informed.
Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 20 Sep 2017
|For Fun: Buy Bob a Snickers.
Wolfram Alpha: The Answer Calculator
The Top Twenty
Geekly Update - 21 Sep 2017
There's more reader feedback... See all 23 comments for this article.
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- [HACKED] A Reminder To Be Vigilant (Posted: 20 Sep 2017)
Copyright © 2005 - Bob Rankin - All Rights Reserved