Cisco Talos specialists reported a serious vulnerability of the CCleaner software, namely CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 for Windows, through which malware was distributed. Attackers could receive some user information (computer name, IP address, list of installed programs), as well as remotely control the device.
Experts found the problem at the initial stage of information gathering. Hacking the program has already been compared to the Petya virus
Security experts compared the hacking of CCleaner to the recent attack of the extortion virus Petya (NotPetya), which was distributed through updates to the accounting program MEDoc. According to Talos, the vulnerability was discovered on September 13, data about the problem was transferred to the developer CCleaner.
In today’s statement Piriform (developer CCleaner) the presence of vulnerabilities in the utilities of the named versions has been confirmed. They noted that the compromised applications became known on September 12 from specialists of Avast, which in July this year acquired Piriform. The exact extent of this problem has not yet been reported, but according to the developer, about 3% of users of the service (4 million people) could be at risk.
Piriform already released updates for CCleaner and CCleaner Cloud, where the vulnerabilities were closed. CCleaner v5.34 can be downloaded from the developer’s site, and the cloud version of the CCleaner Cloud utility should be updated automatically.