Hacked CCleaner Spreads Malware to 2.3 Million in Free App
Updated from 9/18 to include comments from the CEO and CTO:
How ironic is it when software designed to protect you from hackers, gets hacked itself?
CCleaner is supposed to block malware, not grant access to it. But that's exactly what happened from Aug. 15 to Sept. 12. The free application is designed to detect and remove unwanted cookies and prevent hackers for stealing private information. But for four weeks about 2.27 million users clicked on the trusted application only to receive tainted software.
When renowned anti-virus developer Avast purchased CCleaner from Piriform in July, it should have had some clue about what it was getting into, or rather, what could get into its new software.
"Avast first learned about the possible malware on September 12, 8:35 AM PT from a company called Morphisec which notified us about their initial findings. We believe that Morphisec also notified Cisco," CEO, Vince Steckler, and CTO, Ondrej Vlcek, published a blog post Tuesday.
This link with take you to the Steckler, Vlcek blog that explains how hackers compromised the CCleaner software at some stage of development. Hackers added a backdoor code to be used for additional malware uploads at a later date.
The malware was found in the Aug. 15 release. The just-released Sept. 13 version is said to be clean, according to Avast, with its 2 billion users who are not affected.
Anyone who uploaded CCleaner between Aug. 15 to Sept. 12 are advised to manually download and update their software immediately.
More of What's Trending on TheStreet:
