Backdoor In CCleaner Security App Infects 2.3 Million Users

Antivirus software development company Avast has advised users of its CCleaner security application for Windows to immediately update their software after discovering a backdoor in the security tool, installed by a team of criminal hackers, Forbes is reporting. Nearly 2.27 million users have been infected, although Avast has said that users should not panic.

“Users of CCleaner Cloud version 1.07.3191 have received an automatic update. In other words, to the best of our knowledge, we were able to disarm the threat before it was able to do any harm”, according to Avast.

For those who aren’t familiar, CCleaner is a maintenance and file clean-up software by anti-virus giant Avast, and has been downloaded over 2 billion times. The infected application is said to allow for downloading of further malware, be it ransomware or keyloggers.

Initial research has found that the CCleaner download server was hosting the backdoored app as far back as September 11. The affected version was released on August 15, but on September 12 an untainted version 5.34 was released.

The malware would send encrypted information about the infected computer – the name of the computer, installed software and running processes – back to the hackers’ server. The hackers also used what’s known as a domain generation algorithm (DGA); whenever the crooks’ server went down, the DGA could create new domains to receive and send stolen data. Use of DGAs shows some sophistication on the part of the attackers.

If you are using CCleaner software on your systems, head over to this page to download the latest version.