CCleaner came bundled with malware for a month and nobody noticed

CCleaner — a program usually used to clean Windows, Android and MacOS of errant software and data — has itself been infected by a trojan.

A new report by Talos suggests that for nearly a month the program’s installer didn’t just install Piriform’s file cleaner, but rather additional malware.

“For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner,” the Talos team explains in a blog post.

This malware was reportedly bundled with the program’s install files located within Piriform’s legitimate download servers.

“We confirmed that this malicious version of CCleaner was being hosted directly on CCleaner’s download server as recently as September 11, 2017,” Talos adds.

The versions affected includes 5.33, released on 15 August 2017, and 5.34, released on 12 September 2017. The program’s Cloud version 1.07.3191 is also reportedly tainted.

Piriform announced on Monday that its security issues have been “resolved”.

We’d just like to reassure our customers that any #CCleaner security issues have been resolved. More: https://t.co/Xecg665M2N

— Piriform (@piriform) September 18, 2017

“Users of CCleaner Cloud version 1.07.3191 have received an automatic update. In other words, to the best of our knowledge, we were able to disarm the threat before it was able to do any harm,” Paul Yung, Piriform’s VP of products confirmed.

But users aren’t so sure.

Yeah…piriform products are coming off my PCs and mobile devices.

— David Kehoe (@mrpeabody89) September 19, 2017

Too late! You never got my trust again.

— Peak (@ampeakms) September 19, 2017