In other words, the people behind CCleaner don't think any of the 2.27 million people who downloaded and ran the 5.33.6162 version of CCleaner and the 1.07.3191 version of CCleaner Cloud have actually been harmed by this malware. The company said it has contacted law enforcement authorities and is also urging users to download a new, malware-free version of CCleaner released last week.
Piriform revealed that the malware collected system information, including lists of installed software and Windows updates, MAC addresses of network adapters, PC names and information from the Windows registry key, all of which was sent to a remote server.
The malware, which was distributed through the update server for the Windows cleanup utility CCleaner, was apparently inserted by an attacker who compromised the software "supply chain" of Piriform, which was acquired by Avast in July.
The company believes it was able to disarm the malware before it harmed users.
"This is very troublesome because it indicates that attackers were able to control a critical piece of the infrastructure used by the vendor".
The postal and telecommunications recommends that you temporarily stop using the program "CCleaner". Users of our cloud version have received an automated update.
Talos registered all of the domains associated with the algorithm, which had not been previously configured, to "black hole" the malware and prevent it from reestablishing communications in the future.
While Piriform and Avast continue to look into the cause of the issue, the more than two million people who use CCleaner are left unsure whether the app they count on to keep their computer running smoothly and efficiently may have infected their machine with malware.
You can download version 5.34 of CCleaner here.
CCleaner is an application that helps computer-owners keep their devices optimised, by cleaning cookies, internet history and other temporary files.
It turns out that CCleaner, developed by a subsidiary of cybersecurity firm Avast, was compromised with malware.
Talos researcher Craig Williams said it was a sophisticated attack because it penetrated an established and trusted supplier in a manner similar to June's "NotPetya" attack on companies that downloaded infected Ukrainian accounting software.
According to Piriform, its new parent company Avast had found the affected versions of the software had been compromised on 12 September. "Based on further analysis, we found that the 5.33.6162 version of CCleaner and the 1.07.3191 version of CCleaner Cloud was illegally modified before it was released to the public".
The flagged executable was signed with a valid digital certificate issued to Piriform, but came with an additional payload. "The investigation is still ongoing", Piriform's Yung said.