More than 2 million users possibly at risk.
It seems that CCleaner, one of PCWorld’s recommendations for the best free software for new PCs (go.pcworld.com/fspc), might not have been keeping your PC so clean after all. In an in-depth probe of the popular optimization and scrubbing software, Cisco Talos (go. pcworld.com/ssct) has discovered a malicious bit of code injected by hackers that could have affected more than 2 million users who downloaded the most recent update.
On Sept. 13, Cisco Talos found that the official download of the free versions of CCleaner 5.33 and CCleaner Cloud 1.07.3191 also contained “a malicious payload that featured a Domain Generation Algorithm as well as hardcoded Command and Control functionality.” What that means is that a hacker infiltrated Avast Piriform’s official build somewhere in the development process build to plant malware designed to steal users’ data.
Cisco Talos suspects that the attacker “compromised a portion of (CCleaner’s) development or build environment and leveraged that access to insert malware into the CCleaner build that was released and hosted by the organization.” As such, customers’ personal information was not at risk.
You can read up to 3 premium stories before you subscribe to Magzter GOLD
Log in, if you are already a subscriber
Get unlimited access to thousands of curated premium stories, newspapers and 5,000+ magazines
READ THE ENTIRE ISSUE