Cyber Crooks Manage To Compromise CCleaner 5.33 Version

The well-known and popular CCleaner PC optimizer software developed by Piriform Ltd. was compromised and its 5.33 version contained serious malicious code, a backdoor. This could have made severe damage to millions of unsuspecting computer users since this malicious version was able to survive for almost a month without detection. If you downloaded CCleaner 5.33 for your 32-bit Windows operating system between August 15 and September 12, 2017, it is most likely that you got this corrupted version and cyber criminals have acquired all technical information about your PC and your system. Fortunately, this professionally designed attack failed to cause actual damage to the infected users apart from stealing information as the Command and Control (C&C) servers got shut down by the police and a vigilant threat intelligence team. Although this backdoor cannot really harm you anymore since the server-side issues have been dealt with and eliminated, it is still important that you address this virtual security issue and remove this backdoor from your system by updating your CCleaner softwware to the latest version (5.35).

This dangerous threat was not distributed via the usual questionable channels. You could infect your computer with similar threats, for example, via spam e-mails, clicking on deceptive software download pop-up ads, third-party ads, or when you download free software from shady torrent and freeware pages. However, in this case the almost impossible happened. These cyber criminals actually managed to upload the corrupted software version with the original and legitimate digital signature to the developer's server. In other words, by using the provided download links on, the official website for CCleaner, you could directly infect your system with this backdoor. CCleaner was originally a product of Piriform Ltd., a successful software developer company, which was later acquired by Avast in the middle of the summer of 2017. Avast assumes that this malicious cyber attack had been prepared before their acquisition as proofs suggest. Still, it has been a great and unfortunate breach that could have ended much worse.

According to company officials, around 2.3 million computer users may have infected their system with this corrupted software version. One third of them have been updated already and thus the backdoor have been removed from their system. Although other websites and malware hunters may suggest that in order for you to delete this backdoor infection from your PC entirely, you need to apply a system restoration point that dates back prior to the malicious version was released, Avast officials confirmed that this would be unnecessary.

The 5.33 version of CCleaner got compromised and a corrupted version started to spread on the web for about a month. This version contained a backdoor component that collected important technical data from the victim's computer that was encrypted and encoded before sent to a remote C&C server. This component only started to operate if 601 seconds passed and the user had administrator rights. This sort of limited the number of the affected computers as well as the fact that only 32-bit Windows operating systems were targeted. Otherwise, statistics show that around 5 million users install this PC optimization tool every week, which could have meant around 20 million infected users, i.e., about 10 times as many as got affected in the end. This malicious code also used a Domain Generation Algorithm (DGA) in order to try to acquire working IP addresses in case their primary C&C server failed to respond. Although this whole attack seems like a sophisticated inside job as legitimate digital signature was used to release an official version corrupted by these crooks, it also seems that they failed their mission because no real damage was done due to the fact that the servers got shut down in time to stop a possible second phase of this attack. The good news is that Avast made sure that a new update come out that would remove this backdoor automatically.

So, fortunately, no system re-installation or restoration needed if you want to deal with this backdoor infection. The most important thing is that you update your CCleaner software to the latest version, which is 5.35 right now. This should sort out this particular issue. But you cannot forget about the problem that your PC may not be properly protected against similar threats. Of course, in this case even that may not have been enough as this backdoor infection managed to stay under the radar for a month. Still, the best way for you to safeguard your precious PC is to employ a trustworthy malware removal program, such as SpyHunter. It is also important that you keep all your programs and drivers always updated to prevent cyber criminals from exploiting outdated software versions.