You are here

CCleanup: A Vast Number of Machines at Risk!

2 posts / 0 new
Last post
imaverick's picture
Last seen: 1 month 2 weeks ago
Joined: 2010-01-18 14:38
CCleanup: A Vast Number of Machines at Risk!

Sorry to be off topic here but I have no idea how to reach out to the platform's owner as no contact email is made public.

A well researched case shows how very popular and widely known softwares like CCleaner for instance have been used, and still are, to distribute malware either to organizations and individuals. The report is extremely detailed so I'll paste the intro only.
Please see here for the complete post:

This post was authored by: Edmund Brumaghin, Ross Gibb, Warren Mercer, Matthew Molyett, and Craig Williams

Update 9/18: CCleaner Cloud version 1.07.3191 is also reported to be affected


Supply chain attacks are a very effective way to distribute malicious software into target organizations. This is because with supply chain attacks, the attackers are relying on the trust relationship between a manufacturer or supplier and a customer. This trust relationship is then abused to attack organizations and individuals and may be performed for a number of different reasons. The Nyetya worm that was released into the wild earlier in 2017 showed just how potent these types of attacks can be. Frequently, as with Nyetya, the initial infection vector can remain elusive for quite some time. Luckily with tools like AMP the additional visibility can usually help direct attention to the initial vector.

Talos recently observed a case where the download servers used by software vendor to distribute a legitimate software package were leveraged to deliver malware to unsuspecting victims. For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner. CCleaner boasted over 2 billion total downloads by November of 2016 with a growth rate of 5 million additional users per week. Given the potential damage that could be caused by a network of infected computers even a tiny fraction of this size we decided to move quickly. On September 13, 2017 Cisco Talos immediately notified Avast of our findings so that they could initiate appropriate response activities. The following sections will discuss the specific details regarding this attack...

Please see here for the complete post:

Ken Herbert
Ken Herbert's picture
Last seen: 15 min 16 sec ago
Joined: 2010-05-25 18:19
We don't do CCleaner

We don't provide an officially released PortableApps package of CCleaner, so there is nothing for us to act on in that respect.

Log in or register to post comments