Sometimes the software designed to protect our computers from cyber attacks winds up being vulnerable itself.
That’s exactly what happened when hackers compromised CCleaner, one of the most popular and heavily downloaded PC clean-up programs in the world.
Here’s our guide explaining the CCleaner malware attack in 2019, who’s at risk, and what you can do to protect your computer against malicious attacks posing as harmless clean-up software.
What is CCleaner Malware?
Since 2003, CCleaner has been a simple and popular utility that deletes old and unwanted files from your computer. It’s designed to help speed up your machine’s performance by reducing storage load, and it helps protect against hidden malware infections buried deep in your computer’s files.
That’s what makes what happened next to many unsuspecting users so surprising.
In September 2017, hackers broke into CCleaner’s build environment and inserted two malware Trojans. These pieces of malicious code were well-disguised as new versions of CCleaner.
When users went online to download the latest updates to the cleaning utility, over 2 million people unwittingly installed the virus directly onto their computers, according to Time magazine.
The malware itself is designed to collect personal data about the infected computer, including the software it has installed, its IP address, who has admin privileges, and more. The trojan also gives the hackers remote access to some machines.
After an initial effort from Avast Piriform, the company that created CCleaner, the threat was considered neutralized. But some infected machines received a second-stage payload that appeared to primarily target large U.S.-based tech companies like Sony, Samsung, VMware, and more.
It’s believed that the CCleaner malware attack was part of an attempt to conduct corporate espionage and may have links back to China, according to a report from the U.S. National Counterintelligence and Security Center.
How to Know if Your Computer Is Infected with CCleaner Malware
The CCleaner malware is relatively unassuming and lies low, quietly gathering and transmitting data from your machine in the background.
It’s very different from data or screen-locking ransomware attacks that have become more and more popular in recent years.
Though there may not be many outward symptoms that your machine is infected, anyone who has downloaded or updated CCleaner since 2017 may be at risk.
Check what version of CCleaner your system is currently running.
If you ever downloaded CCleaner 5.33 or CCleaner Cloud 1.07.3191 for Windows, you may be at risk.
In fact, any Windows machine running a version of CCleaner prior to 5.34 could be compromised (Mac users were not affected).
You can find your CCleaner version number in the upper left-hand corner of the program while it’s open.
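The version rule above can also be checked by script when you have more than one Windows machine to look at. This is an added example, not code from CCleaner or from the original article; it assumes the product registers a DisplayName beginning with "CCleaner" under the standard Windows uninstall registry keys, and Get-CCleanerRisk is a hypothetical helper name.

```powershell
# Added example: classify installed CCleaner versions against the versions this article names.
function Get-CCleanerRisk {                       # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$DisplayName,
        [Parameter(Mandatory)][string]$DisplayVersion
    )
    $v = $null
    if (-not [version]::TryParse($DisplayVersion, [ref]$v)) {
        return 'Unrecognized version string, check manually'
    }
    if ($DisplayName -like '*Cloud*') {
        # CCleaner Cloud 1.07.3191 parses as 1.7.3191
        if ($v.Major -eq 1 -and $v.Minor -eq 7 -and $v.Build -eq 3191) {
            return 'Compromised build named in the article'
        }
        return 'Not the Cloud build named in the article'
    }
    if ($v.Major -eq 5 -and $v.Minor -eq 33) { return 'Compromised build named in the article' }
    if ($v -lt [version]'5.34') { return 'Older than 5.34: update or uninstall' }
    return '5.34 or later'
}

# Standard Windows uninstall keys (64-bit and 32-bit views).
# Assumption: the DisplayName starts with "CCleaner".
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'CCleaner*' -and $_.DisplayVersion } |
    ForEach-Object {
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Name     = $_.DisplayName
            Version  = $_.DisplayVersion
            Finding  = Get-CCleanerRisk -DisplayName $_.DisplayName -DisplayVersion $_.DisplayVersion
        }
    }

# Constructed sample values, to show the classification without a real install.
foreach ($sample in @(@('CCleaner', '5.33'), @('CCleaner', '5.32'),
                      @('CCleaner', '5.34'), @('CCleaner Cloud', '1.07.3191'))) {
    '{0} {1}: {2}' -f $sample[0], $sample[1],
        (Get-CCleanerRisk -DisplayName $sample[0] -DisplayVersion $sample[1])
}
```

The result reflects only what is installed now; a machine that ran 5.33 and was later updated will report a newer version, so the "if you ever downloaded" test above still depends on install history and the antivirus scan described below.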
How to Get Rid of CCleaner Malware
Normal, everyday folks and small businesses were, most likely, not the main targets of this malware attack. Still, it’s best to remove the virus for safety and privacy reasons.
If you downloaded one of the compromised versions of CCleaner, it’s a good idea to run a full scan of your system and update to the latest version, according to several leading antivirus firms.
Or just delete the program altogether.
First, update to the latest version of CCleaner (or remove it)
In the lower right-hand corner of the CCleaner program, you’ll see a link to “Check for updates.”
Click the link and you’ll be taken to CCleaner’s website, where you’ll be able to download the latest version.
An official statement from CCleaner dated September 18, 2017 notes that updating to version 5.34 or higher should remove the vulnerability.
Alternatively, you can choose to remove CCleaner from your machine entirely by using the Windows Uninstall tool under Start -> Settings -> System & Settings -> Apps & Features.
Simply select the Uninstall button next to CCleaner to delete the compromised version.
Next, run a scan with your antivirus.
Though upgrading CCleaner or uninstalling it should fix the problem, you’ll want to use your antivirus software to remove any last traces of malware, just to be safe.
We love Norton Antivirus and the built-in Windows Defender.
Use either of them to wipe your machine clear of any harmful leftovers from the breach.
Start Preparing for the Next Breach Now
For most regular people, the CCleaner virus won’t be all that difficult to deal with.
But there are other forms of malware out there that can be extremely dangerous, including doxxing and file-encrypting ransomware.
Make sure you keep your antivirus software up to date so it can protect you against the latest threats.
It’s also a smart idea to create regular offline or “cold” backups of your most important files. Store them on a hard drive or USB drive that remains unconnected to your computer or network in case your machine becomes infected again.
In 2019, the CCleaner malware attack is mostly behind us, but if you’re running an old version of the utility or just want to be safe, make sure you update to the latest build and give your system regular virus scans.