A recent version of CCleaner, a favorite tool for tidying up those pesky temporary files on computers, was infected with a backdoor that collected and transmitted information about the computer. It is disturbing that CCleaner allowed such a breach, but they have apologized and assured users that precautions have been taken to prevent such compromises in the future. The affected version, 5.33, was available for download between August 15, 2017 and September 12, 2017. Only computers running 32-bit operating systems are believed to be compromised.
Many of my customers run CCleaner; fortunately, many of them also run Malwarebytes. According to their website, Malwarebytes blocks the IP and domains related to this malware. It will also remove the malicious installer if it resides on your computer. CCleaner users will want to take the following steps.
- Open CCleaner and see what version you have (see below “CCleaner Free”).
- If it says v5.34… then you have a post-compromise version and can wait for their next update. It would still be a good idea to run a Malwarebytes scan if you have it, just in case you were running the infected version at some point. (see step 4)
- If you have a version that says 5.33, uninstall it using Control Panel on Windows 7/8 or Settings on Windows 10.
- Run Malwarebytes, which can be downloaded here if you do not already have it, and then download and run the installer for the latest version of CCleaner.
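For anyone checking several machines, the version check in the steps above can be scripted. This is an added example, not code from this post, Piriform or Malwarebytes; it assumes CCleaner registers a standard Windows uninstall entry whose DisplayName starts with "CCleaner", and the function names are hypothetical.

```powershell
# Added example: report installed CCleaner versions and flag 5.33.
# Assumption: CCleaner writes a normal uninstall entry (DisplayName "CCleaner...",
# DisplayVersion such as "5.33"). Run from a 64-bit PowerShell on 64-bit Windows
# so both registry views below are visible.
$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Test-Is32BitOS {
    # On 64-bit Windows a 32-bit process has PROCESSOR_ARCHITEW6432 set,
    # so "x86" with that variable empty means the OS itself is 32-bit.
    ($env:PROCESSOR_ARCHITECTURE -eq 'x86') -and (-not $env:PROCESSOR_ARCHITEW6432)
}

function Get-CCleanerVerdict {
    param([string]$DisplayVersion, [bool]$Is32BitOS)
    $v = $null
    # Strip anything that is not a digit or dot ("v5.33" -> "5.33"), then parse.
    try { $v = [version]($DisplayVersion -replace '[^\d.]', '') } catch { }
    if (-not $v) { return 'Version unreadable: open CCleaner and check it by hand' }
    if ($v.Major -eq 5 -and $v.Minor -eq 33) {
        if ($Is32BitOS) {
            return 'AFFECTED: 5.33 on 32-bit Windows. Uninstall, scan, install latest'
        }
        return '5.33 on 64-bit Windows. Uninstall, scan, install latest'
    }
    return 'Not 5.33. Scan anyway in case 5.33 was installed earlier'
}

# @() guarantees an array, so an empty result is not iterated on older PowerShell.
$found = @(Get-ItemProperty -Path $UninstallRoots -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'CCleaner*' })

if ($found.Count -eq 0) { Write-Output 'No CCleaner uninstall entry found.' }

foreach ($app in $found) {
    New-Object PSObject -Property @{
        Name    = $app.DisplayName
        Version = $app.DisplayVersion
        Verdict = Get-CCleanerVerdict $app.DisplayVersion (Test-Is32BitOS)
    } | Select-Object Name, Version, Verdict
}
```

The script only reads the registry and changes nothing; a machine that shows a newer version now may still have run 5.33 during the download window, which is why the scan step applies either way.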
Here is more detailed information from Malwarebytes about the infected version.