CCleaner Infected By Malware In Supply Chain Attack


Why try to trick you into installing malware when you'll do it voluntarily? That was the tactic used by attackers who infiltrated Avast's servers and recently planted malicious software in CCleaner 5.33. The malware was detected by Cisco Talos during routine beta testing of its updated detection engine.

The methods used by the attackers, described in great detail at the Talos blog, were very sophisticated, with many countermeasures taken to avoid detection. Talos notified Avast immediately after finding the infected application last week.

In the period before detection, the affected version of CCleaner was downloaded about 2.27 million times.

While not a common form of attack, the method is highly effective because it exploits the trust between users and software vendors. The attack on Apple's Xcode almost exactly two years ago spread XcodeGhost to software developers who downloaded a version of Xcode distributed through unauthorised third parties. This attack, by contrast, infected the software at its legitimate point of origin.

The Talos researchers say the evidence points to either an insider attack or a compromised developer account that led to the infected binaries being produced. Remediation is either to restore the system to the state it was in at or before 15 August 2017 or to rebuild the system.


    Anyone legitimately use these 'cleaner' apps at all?

      I used CC a couple of years ago, didn't think it made the PC any better and it was doing some weird things, so I uninstalled it.

      I admit I'm not a fan but, if you're the family "help desk" I'll bet someone you know has something like this installed.

        We've seen a couple of kids with 4 different antivirus software installed.

        Older people seem to also think more is better, now in regards to phones as well as computers. Phones do not need ccleaners.

      It's a lot quicker to clear my temp folders and various browser caches to quickly free up space using CCleaner (note: it's not called ccleanup) than having to go into the browser's settings and drive properties in Windows directly.

        Windows cleanup does a much better job and it knows which error files/logs/update files it is done with and will give you much more space.

    I started using CCleaner years ago to manage cookies. It is great to use to clear caches & temp files etc.
