SECURITY ALERT: Malware Inside CCleaner 5.33 Trojan

A Quick Word On CCleaner
We feel that it is important to note that CCleaner itself is not malware. ccleaner In fact, it is a legitimate PC tool which cleans cookies and junk programs from PCs and Android phones to make them run faster. Therefore the “CCleaner 5.33 Trojan” as we refer to it in this alert does not refer to the CCleaner program, but the Trojan virus that infects the update installer for CCleaner 5.33.

SECURITY ALERT: Malware Inside PC Cleaner Software (CCleaner 5.33 Trojan)
Hackers successfully breached CCleaner’s security to inject a Trojan into the app and distribute it to the 2.27 million PCs that downloaded the booby-trapped update. Security experts at Cisco Talos discovered that the download servers used by Avast (the company that owns CCleaner) were compromised to distribute malware. “For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner,” says the Talos team.

Instead of the traditional manner of attacking individual machines themselves, hackers have been targeting download servers to more easily spread malware. We previously talked about these sorts of changes to the threat landscape in our June 2017 blog post on internet security. Long story short, it is very important to monitor your systems closely.

This is an unusual attack as similar software is trusted by millions of consumers and meant to remove “crapware” from a system. “By exploiting the trust relationship between software vendors and the users of their software, attackers can benefit from users' inherent trust in the files and web servers used to distribute updates,” says Talos. The malware itself appears to have been designed to use infected PCs as part of a botnet.

What Is The CCleaner 5.33 Trojan?

ccleaner path of infection

Click to enlarge.

In computer security, a "Trojan horse" or simply "Trojan" is a type of malware that is disguised as legitimate software. Users are tricked into loading and executing these viruses on their systems. Once activated, a Trojan can enable hackers to spy on your activity, steal sensitive data, and/or gain backdoor access to your system and take remote control over your computer.

Dan Goodin with ArsTechnica explains, “The stage-one malware examined the domains of all 2.27 million infected PCs. It surreptitiously collected a variety of data from each one, including all installed programs, all running processes, the operating-system version, hardware information, whether the user had administrative rights, and the hostname and domain name associated with the system. If the computers were hosted inside one of the 25 targeted networks, the attackers would attempt to infect them with stage two.”

The CCleaner 5.33 Trojan can endanger your entire PC if you do not get rid of it in a timely manner. It damages system files to weaken security of your PC so that more infections can invade and cause additional damage or security breaches. This Trojan also allows the remote attacker enter your system and gain access to your files, accounts and other sensitive information. Your personal identity will be at risk and you may suffer financial loss from such actions.

How Can I Keep My Computer Secure? 
To avoid the mentioned problems, we recommend you to get rid of CCleaner 5.33 Trojan until further notice. Our team is prepared to assist in removing the virus. If you suspect that your system may have been affected, please reach out to us.


Comments are closed.