Popular malware scanner compromised by malware

When you spend your time fighting monsters, beware you don’t become a monster yourself. If you’ve been using CCleaner for 32-bit Windows machines, you might want to evaluate those systems and run an actual malware scan.

In a spooky twist, recent versions of CCleaner have been installing malware programs rather than getting rid of them. The program is widely distributed, with over 2 billion downloads since November 2016 and another 5 million new downloads each week.

But the program was vulnerable to a disguised malware attack, threatening the data of those 2 billion users. The download came legitimately from the CCleaner servers, but v5.33 installed malware on the machines it was downloaded to.

The malicious version was released on August 15, but the vulnerability wasn’t detected until mid-September, when the server was shut down.

The malware collected system information, ranging from lists of software installed on the machine to MAC addresses and PC names. All of the data was then sent to a remote server. While the collected data wasn’t harmful – it didn’t have any identifying information – it could be leveraged in later attacks.

CCleaner has since been patched, and the servers have been guarded against a hacker using a similar vulnerability. But just to be safe, scan… and then scan again.