CCleaner is a widely popular service that can clean your PC, Mac and Android device. Unfortunately, hackers managed to hide malware in the application. The servers of Avast, CCleaner’s owner, contained malware according to Cisco Talos: “For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner,”
Avast claims that their popular software has over 2 billion downloads, but “only” 2.27 million users are affected by the attack. According to a spokesperson at Avast, the malware was stopped before anything bad happened to the affected users: “Piriform believes that these users are safe now as its investigation indicates it was able to disarm the threat before it was able to do any harm,” The idea of the malware was to gather infected PCs in a botnet, but it seems like no users got included in the botnet before the virus was stopped.
Since CCleaner is so big, Talos think that the hackers took advantage of the fact that users trust CCleaner and the files a lot: “By exploiting the trust relationship between software vendors and the users of their software, attackers can benefit from users’ inherent trust in the files and web servers used to distribute updates,”
Do you use CCleaner? Will you stop using it now? Let us know in the comments section!