Sometimes the software designed to protect your computer from cyber attacks winds up being vulnerable itself.
That’s exactly what happened when hackers compromised CCleaner, one of the most popular and heavily downloaded PC clean-up programs in the world.
Here’s our guide explaining the CCleaner malware attack in 2019, who’s at risk, and what you can do to protect your computer against malicious attacks posing as harmless clean-up software.
What is CCleaner?
Since 2003, CCleaner has been a simple and popular utility that deletes old and unwanted files from your computer. It’s designed to help speed up your machine’s performance by reducing storage load, and it helps protect against hidden malware infections buried deep inside your computer files.
That’s what makes what happened next to many unsuspecting users so surprising.
What is CCleaner Malware and What Does it Do?
In September 2017, hackers broke into CCleaner’s build environment and inserted two malware Trojans. These pieces of malicious code were well-disguised as new versions of CCleaner.
When users went online to download the latest updates to the cleaning utility, over 2 million people unwittingly installed the virus directly onto their computers, according to Time magazine.
The malware itself is designed to collect personal data about the infected computer, including the software it has installed, its IP address, who has admin privileges, and more. The Trojan also gives the hackers remote access to some machines.
After an initial effort from Avast Piriform, the company that created CCleaner, the threat was considered neutralized. But some infected machines received a second-stage payload that appeared to primarily target large U.S.-based tech companies like Sony, Samsung, VMware, and more.
It’s believed that the CCleaner malware attack was part of an attempt to conduct corporate espionage and may have links back to China, according to a report from the U.S. National Counterintelligence and Security Center.
Who is at Risk of Getting CCleaner Malware?
Anyone using the 32-bit Windows version of CCleaner is at risk. But those running the free version are more at risk because it doesn’t have automatic updates. That being said, anyone running any version of CCleaner should update to the latest version immediately.
While normal everyday folks and small businesses were likely not the main targets of this malware attack, it’s still best to remove the virus for safety and privacy reasons.
How to Know if your Computer is Infected with CCleaner Malware
The CCleaner malware is relatively unassuming and lies low, quietly gathering and transmitting data from your machine in the background. You probably won’t know it’s there unless you look for it. It’s very different from data or screen-locking ransomware attacks that have become more and more popular in recent years.
Though there may not be many outward symptoms that can warn you if your machine is infected, anyone who has downloaded or updated CCleaner since 2017 may be at risk.
Check what version of CCleaner your system is currently running. If you ever downloaded CCleaner 5.33 or CCleaner Cloud 1.07.3191 for Windows, you may be at risk. In fact, any Windows machine running a version of CCleaner prior to 5.34 could be compromised (Mac users were not affected).
You can find your CCleaner version number in the upper left-hand corner of the program while it’s open.
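As an added example (not from the original article or from CCleaner's makers), the PowerShell script below reads the standard Windows Uninstall registry keys and compares any CCleaner entry against the versions named above. It assumes the program registers a DisplayName containing "CCleaner"; the function name Get-CCleanerRisk is made up for this example.

```powershell
# Added example: read-only check of installed CCleaner versions.
# Assumption: CCleaner's uninstall entry has a DisplayName containing "CCleaner".

function Get-CCleanerRisk {   # hypothetical helper name
    param([string]$DisplayName, [string]$DisplayVersion)

    $v = $null
    if (-not [version]::TryParse($DisplayVersion, [ref]$v)) {
        return 'version unreadable - check inside the program'
    }
    if ($DisplayName -like '*Cloud*') {
        # The article names CCleaner Cloud 1.07.3191 as a compromised build.
        if ($v.Major -eq 1 -and $v.Minor -eq 7 -and $v.Build -eq 3191) {
            return 'COMPROMISED build (Cloud 1.07.3191)'
        }
        return 'not a Cloud version named in the article'
    }
    # Match 5.33 on major.minor so a trailing build number does not hide it.
    if ($v.Major -eq 5 -and $v.Minor -eq 33) { return 'COMPROMISED build (5.33)' }
    if ($v -lt [version]'5.34')             { return 'older than 5.34 - update' }
    return '5.34 or later'
}

# Standard per-machine (64- and 32-bit view) and per-user uninstall keys.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$found = @(Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*CCleaner*' })

if ($found.Count -eq 0) {
    'No CCleaner entry found in the Uninstall registry keys.'
}
foreach ($app in $found) {
    [pscustomobject]@{
        Name    = $app.DisplayName
        Version = $app.DisplayVersion
        Risk    = Get-CCleanerRisk $app.DisplayName $app.DisplayVersion
    }
}

# Constructed version strings (not from a real machine) to show each outcome.
'5.32', '5.33', '5.34', 'n/a' | ForEach-Object {
    '{0,-5} -> {1}' -f $_, (Get-CCleanerRisk 'CCleaner' $_)
}
```

The script reports only what is installed now, so it cannot tell you whether 5.33 was installed in the past and later upgraded.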
How to Remove CCleaner Malware
If you downloaded one of the compromised versions of CCleaner, it’s a good idea to run a full system scan and update to the latest version, according to several leading antivirus firms. Or just delete the program altogether.
1. Update to the latest version of CCleaner
In the lower right-hand corner of the CCleaner program, you’ll see a link to “Check for updates.” Click the link and you’ll be taken to CCleaner’s website, where you’ll be able to download the latest version.
An official statement from CCleaner in 2017 notes that updating to version 5.34 or higher of the program should remove the vulnerability.
2. Alternatively, you can choose to remove CCleaner from your machine entirely
You can do this by using the Windows Uninstall tool under Start -> Settings -> System & Settings -> Apps & Features. Simply select the Uninstall button next to CCleaner to delete the compromised version.
3. Run a scan with your antivirus
Though upgrading CCleaner or uninstalling it should fix the problem, you’ll want to use powerful antivirus software to remove any last traces of malware, just to be safe. See our top ten recommendations.
Start Preparing for the Next Breach Now
For regular people, the CCleaner virus isn’t all that difficult to deal with. But there are other forms of malware out there that can be extremely dangerous, including doxxing and file-encrypting ransomware. Make sure you keep your antivirus up to date so it can protect you against the latest threats.
It’s also a smart idea to create regular offline or “cold” backups of your most important files. Store them on a hard drive or USB drive that remains unconnected to your computer or network in case your machine becomes infected again.
The CCleaner malware attack is mostly behind us, but if you’re running an old version of the utility or just want to be safe, make sure you update to the latest build and give your system regular virus scans.