Malicious Code Present in “Piriform – CCleaner v5.33” – CleanUp

CCleaner is a system cleanup tool by Piriform, which is now owned by Avast. A suspicious activity was identified on September 12th, 2017, where an unknown IP address receiving data from software found in version 5.33.6162 of CCleaner. Later it was found that the 5.33.6162 version of CCleaner was illegally modified before it was released to the public.

The malicious code sent encrypted information about the infected machine to a C&C server that the hackers had set up. Among other things, the name of the computer, a list of installed programs and running processes, as well as the Mac addresses of the network adapters also received by the C&C.

This alone is not too sensitive information. However, the infected file opened a backdoor, allowing the attackers to load additional malicious software, such as keyloggers.

Click here to understand, how Saner can help organizations to protect against “Malicious CCleaner v5.33” and similar threat’s.