Piriform announced on Monday that on September 12th, 2017 they discovered that the 32-bit version of their CCleaner and CCleaner Cloud programs were infected with malware. Approximately 3% of their CCleaner customers, specifically those running 32-bit Windows 10, were affected. The versions that were affected are CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 for 32-bit Windows PCs. The Android version for phones doesn’t seem to be affected.
Piriform issued a press release to their Cleaner customers, users and supporters with more details:
“We would like to apologize for a security incident that we have recently found in CCleaner version 5.33.6162 and CCleaner Cloud version 1.07.3191. A suspicious activity was identified on September 12th, 2017, where we saw an unknown IP address receiving data from software found in version 5.33.6162 of CCleaner, and CCleaner Cloud version 1.07.3191, on 32-bit Windows systems. Based on further analysis, we found that the 5.33.6162 version of CCleaner and the 1.07.3191 version of CCleaner Cloud was illegally modified before it was released to the public, and we started an investigation process. We also immediately contacted law enforcement units and worked with them on resolving the issue. Before delving into the technical details, let me say that the threat has now been resolved in the sense that the rogue server is down, other potential servers are out of the control of the attacker, and we’re moving all existing CCleaner v5.33.6162 users to the latest version. Users of CCleaner Cloud version 1.07.3191 have received an automatic update. In other words, to the best of our knowledge, we were able to disarm the threat before it was able to do any harm.”
“At this stage, we don’t want to speculate how the unauthorized code appeared in the CCleaner software, where the attack originated from, how long it was being prepared and who stood behind it. The investigation is still ongoing. We want to thank the Avast Threat Labs for their help and assistance with this analysis.”
“Again, we would like to apologize for any inconvenience this incident could have caused to our clients; we are taking detailed steps internally so that this does not happen again, and to ensure your security while using any of our Piriform products. Users of our cloud version have received an automated update. For all other users, if you have not already done so, we encourage you to update your CCleaner software to version 5.34 or higher.”
Bottom line, most people have a 64-bit Windows system, so they are probably not affected by this. To be safe, I recommend that all users of CCleaner run a scan with Malwarebytes, and update to the latest version of CCleaner (5.34) via Patch My PC.