CCleaner Hacked: What Do I Need to Know?
“CCleaner Hacked!” has been all over the internet today, and for good reason. Malicious code was inserted into the CCleaner initialisation code, which resulted in a two-stage backdoor being installed on users' computers. The first stage of the malware collected the following information from infected systems:
Name of the computer
List of installed software, including Windows updates
List of running processes
MAC addresses of first three network adapters
Additional information, such as whether the process is running with administrator privileges, whether it is a 64-bit system, etc.
This information was submitted to an external IP address and the second stage of the malware was downloaded to the infected machine. It appears that this second stage was never run on the infected machine, and it is highly unlikely that it will be.
You can read Paul Yung’s post on the incident here. Paul Yung is the VP of Products at Piriform, the company that makes CCleaner.
Should I be concerned?
It is very concerning that this has happened. CCleaner is a well-known and trusted piece of software used by millions. The infected update was available from 15 August 2017 – 12 September 2017. It is believed that over 2 million users installed this infected version. The fact that the second stage of the malware never ran does not negate the fact that it happened and could have had much worse consequences.
Was I Infected?
If you have CCleaner installed on your computer, open it and have a look at the version number (as shown in the image below).
Check if you have a 32-bit version installed. The 64-bit version was not affected, so if you have a 64-bit version of CCleaner you do not need to worry.
If you have a 32-bit version installed and the version number is 5.33.6162 or higher, then you were more than likely affected.
Users of the CCleaner Cloud version 1.07.3191 would also have been affected.
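The check described in this section, as an added example that is not from the original post or from Piriform: it reads the 32-bit/64-bit flag from an executable's PE header and applies the version threshold exactly as stated above. The function names and the constructed sample header are assumptions made for illustration, and the version string is the one you read from the program yourself.

```python
import struct

# Machine values from the PE/COFF file header.
MACHINE_BITS = {0x014C: 32, 0x8664: 64}  # i386, AMD64
# Threshold taken from the page: 32-bit builds, version 5.33.6162 or higher.
PAGE_VERSION = (5, 33, 6162)


def pe_bits(data: bytes) -> int:
    """Return 32 or 64 for a Windows executable image, from its PE header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew field
    if pe_off + 6 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (machine,) = struct.unpack_from("<H", data, pe_off + 4)
    if machine not in MACHINE_BITS:
        raise ValueError(f"unhandled machine type 0x{machine:04x}")
    return MACHINE_BITS[machine]


def parse_version(text: str) -> tuple:
    """Turn '5.33.6162' (optionally prefixed with 'v') into (5, 33, 6162)."""
    return tuple(int(part) for part in text.strip().lstrip("vV").split("."))


def matches_page_criteria(exe_bytes: bytes, version: str) -> bool:
    """True when the build is 32-bit and at or above the page's version."""
    return pe_bits(exe_bytes) == 32 and parse_version(version) >= PAGE_VERSION


def constructed_header(machine: int) -> bytes:
    """Constructed sample: the smallest header pe_bits() can read."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + struct.pack("<H", machine)


if __name__ == "__main__":
    import sys
    # Arguments: path to the installed CCleaner executable, then its version.
    with open(sys.argv[1], "rb") as fh:
        head = fh.read(4096)  # the PE header sits near the start of the file
    print("matches the page's criteria:", matches_page_criteria(head, sys.argv[2]))
```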
What Should I Do?
If you have a system backup, you could restore your computer back to a date prior to 15 August 2017. Then download and install the latest version of CCleaner from the website.
Run a full antivirus scan and a malware scan on your system and your backups.
Alternatively, you could reinstall Windows completely. This might sound a little over the top but it is the only way to know your system is clean after something like this happens.
If you have any concerns, please do not hesitate to contact me and remember to share with friends and family who might not be aware of this.