CCleaner Hacked

I just want to take a minute to address the fact that CCleaner was hacked last month, because their service is something I have recommended to people a number of times throughout the past. For those of you unfamiliar with the program, CCleaner is a free cache, cookie and data cleaning program which deletes and clears unwanted or unnecessary data storage from your browsers and computer. The first “C” in CCleaner literally stands for “crap,” because the majority of the data that it clears from your system is just useless crap that your computer happens to store.

It is important to understand that only 2 versions of the Software were compromised, specifically between the dates of mid-August to mid-September 2017. This means that if you did not manually update or install the program on your computer over this 3-4 week period, your version of the cleaner is still safe to use. However, if you did install or update over this time period then your computer has been infected with “Malware” and the appropriate measures should be taken to remove it.

In statements made available to BeepingComputer, Avast CTO Ondrej Vlcek clarified that updating to the newest version of CCleaner will automatically remove the Malware for you, explaining that “the only malware to remove is the one embedded in the CCleaner binary itself.” Therefore, you would be wise to uninstall and shred your current version of CCleaner whatever that may be, run a virus scan just to be safe, and then download the newest version online just like you have done in the past.

According to Vlcek, as of September 18th 2017, at least 2.27 million CCleaner users worldwide have already done just this to protect their computers. He also says that all of Avast’s research and investigations into the hack “indicates we were able to disarm the threat before it was able to do any harm.” Adding that “There is no indication or evidence that any additional malware” was delivered through the backdoor installed by the hack.

Is The Program Still Safe To Use?

This isn’t necessarily for me to decide for you, but despite vouching for this program on multiple occasions in the past, after the news this week I do not see myself using or installing CCleaner on my personal computer in the future. For example, I just got a new Alienware 17 for my business this morning, but I have no plans on installing CCleaner on it. On my old/backup laptop? Sure, why not, I will keep CCleaner running there.

If you pay good money for and/or upgrade your anti-virus software, you can find similar cache, cookie and data cleaning programs provided in there. Part of the only reason that CCleaner remains so popular with internet users is that it is completely free to use. However, as with almost everything else in life, when it comes to cyber security you really do get what you pay for. I do not think it is a great surprise that a free security program like CCleaner was hacked last month and honestly, I am actually more surprised that something like this did not happen sooner.

This article was produced under an Alt_Publishers License Agreement

Categories: Hacking News

%d bloggers like this: