CCleaner, a popular anti-malware software, has become the latest target of a supply chain attack. A backdoor was planted in the software that sends key information about the machine, which is then used to fetch a payload (the component of the malware that carries out the malicious activity) allowing remote access to and control of the computer. Around 2.3 million users have been affected. CCleaner has been a nice little program to get rid of unwanted temporary files, files left behind by uninstalled programs, clean the registry, among other things. It was a recommended software through my university and used in every corporate setting I've been in. Being an IT professional, when a user reports problems with their computer, CCleaner is on my list of programs to initially run through and scan their machines (along with MalwareBytes, who does a VERY informative write-up of this issue here). I felt obligated to pass this along.
If you are a CCleaner user, there are two ways I've seen to make sure you're not vulnerable:
- Update your CCleaner to version 5.34 or higher. Affected versions: CCleaner version 5.33.6162 and CCleaner Cloud version 1.07.3191. The infected 5.33 build was available from August 15 until September 12.
- Restore from backups or reimage systems to ensure that they completely remove not only the backdoored version of CCleaner but also any other malware that may be resident on the system.
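Before deciding between the two options above, it helps to know which hosts actually carry one of the affected builds. The PowerShell check below is an added example (not from the original post or from Piriform) that reads the standard Windows Uninstall registry keys and compares the installed CCleaner version against the 5.33.6162 / 1.07.3191 builds and the 5.34 fix named above; it assumes the products register with a DisplayName starting "CCleaner", which you should confirm against your own installs.

```powershell
# Added example, not code from the original post. Flags CCleaner installs
# that match the backdoored builds (5.33.6162, Cloud 1.07.3191) or that
# predate the fixed 5.34 release. Run elevated; safe to push fleet-wide.
function Test-CCleanerExposure {
    # Version numbers taken from the post above
    $affected = @(
        [pscustomobject]@{ Name = 'CCleaner';       Version = [version]'5.33.6162' },
        [pscustomobject]@{ Name = 'CCleaner Cloud'; Version = [version]'1.07.3191' }
    )
    $fixed = [version]'5.34'

    # Standard Uninstall keys (64-bit and 32-bit views)
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )

    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        # Assumption: DisplayName begins with "CCleaner" for both products
        Where-Object { $_.DisplayName -like 'CCleaner*' -and $_.DisplayVersion } |
        ForEach-Object {
            $app = $_
            # Normalise strings such as "v5.33.6162" before casting to [version]
            $installed = [version]($app.DisplayVersion -replace '[^0-9.]', '')
            $isCloud   = $app.DisplayName -like '*Cloud*'

            # Exact match against the known-backdoored build for this product line
            $hit = $affected | Where-Object {
                (($_.Name -like '*Cloud*') -eq $isCloud) -and ($_.Version -eq $installed)
            }
            # Classic CCleaner: anything below 5.34 is older than the fixed release
            $stale = (-not $isCloud) -and ($installed -lt $fixed)

            $status = if ($hit)       { 'BACKDOORED BUILD - REIMAGE OR RESTORE' }
                      elseif ($stale) { 'OLDER THAN 5.34 - UPDATE' }
                      else            { 'OK' }

            [pscustomobject]@{
                ComputerName = $env:COMPUTERNAME
                Product      = $app.DisplayName
                Version      = $installed
                Status       = $status
            }
        }
}

Test-CCleanerExposure
```

A host with no CCleaner entry returns nothing, so an empty result means "not installed", not "clean"; a BACKDOORED BUILD result is the case where the second option above (restore or reimage) applies rather than a simple update.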