GAMBIT MAGAZINE

Entertainment Unfiltered

CCleaner Gets Used as Malware Host by Hackers

B. Simmons September 19, 2017 in Tech Tagged , , - 2 Minutes
CCleaner

You might be one of the over 2 million affected.

If you use CCleaner, now might be a wise time to upgrade it.  As discovered by Cisco’s Talos division, hackers may have been using a backdoor from a remote location to gather non-essential data from users of the program.

Avast owned Piriform, the makers of CCleaner, believe that nearly 3% of their userbase may have been affected. Specifically, if they used CCleaner 5.33 (available for download between August 15 and September 12), and CCleaner Cloud 1.07 (launched August 24). As per Piriform’s blog post:

The compromise could cause the transmission of non-sensitive data (computer name, IP address, list of installed software, list of active software, list of network adapters) to a 3rd party computer server in the USA. We have no indications that any other data has been sent to the server. Working with US law enforcement, we caused this server to be shut down on the 15th of September before any known harm was done. It would have been an impediment to the law enforcement agency’s investigation to have gone public with this before the server was disabled and we completed our initial assessment. Between the 12th and the 15th, we took immediate action to make sure that our Piriform CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 users were safe – we worked with download sites to remove CCleaner v5.33.6162, we pushed out a notification to update CCleaner users from v5.33.6162 to v5.34, we automatically updated those where it was possible to do so, and we automatically updated CCleaner Cloud users from v1.07.3191 to 1.07.3214.

You can download the new version here. Talos also weighed in on the issue:

In analyzing DNS-based telemetry data related to this attack, Talos identified a significant number of systems making DNS requests attempting to resolve the domains associated with the aforementioned DGA domains. As these domains have never been registered, it is reasonable to conclude that the only conditions in which systems would be attempting to resolve the IP addresses associated with them is if they had been impacted by this malware. While most of the domains associated with this DGA have little to no request traffic associated with them, the domains related to the months of August and September (which correlates with when this threat was active in the wild) show significantly more activity.

So, if you use CCleaner, update it. Otherwise you might be giving away more info than you’d like.

READ:  Apple Gives Apple TV Xbox One And PS4 Controller Support

About Author

B. Simmons

Based out of Glendale California, Bryan is a GAMbIT’s resident gaming contributor. Specializing in PC and portable gaming, you can find Bryan on his 3DS playing Monster Hunter or at one of the various conventions throughout the state.

See author's posts

Related Posts

ZOTAC GAMING Offers Massive Discounts During Amazon Gaming Week
April 30, 2024
Delta
Free Delta Emulator Now Available For iOS On The App Store
April 17, 2024
Windows 11
Windows 11 Start Menu To Slowly Get More Infested By Ads At Microsoft’s Behest
April 17, 2024

B. Simmons

Based out of Glendale California, Bryan is a GAMbIT's resident gaming contributor. Specializing in PC and portable gaming, you can find Bryan on his 3DS playing Monster Hunter or at one of the various conventions throughout the state.

Learn More →

You May Have Missed!

5 MinutesRainbow Cotton Review
Game Reviews
Rainbow Cotton Remaster Review
May 10, 2024
3 MinutesEA
Video Games
EA Studios “Hunger” For The Chance To Start Using Generative AI, Says CEO
May 9, 2024
1 Minute
Movies Television News
Disney and Warner Bros. Discovery Announce Disney+, Hulu, Max Bundle
May 8, 2024
1 Minute
Video Games
Movie Studio Management Sim ‘Blockbuster Inc.’ Drops This June
May 8, 2024