Hackers infiltrate free PC cleaning software CCleaner

Even if you’re cautious, it’s still possible for hackers to infiltrate your computer.

The latest security breach targeted British software firm Piriform, known for its free software CCleaner. Hackers compromised CCleaner in a sophisticated attack that affected over 2 million computers, security researchers and Piriform confirmed Monday.

CCleaner deletes unneeded files and web browser caches to keep Windows computers free of junk. But hackers were able to successfully place malware into a new version, released in August. This allowed them to control infected computers.

Piriform said in a blog post its parent company Avast discovered the hack affected two products — CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 — on September 12. The firm has since updated the software.

The company said it worked with law enforcement to shut down the hacker’s server “before any known harm was done.” The breach could let hackers collect computer names, IP addresses, and lists of what software people use, but no sensitive data was collected, it added.

Researchers from security firm Cisco Talos, which detected the hack, call it a “supply chain attack.” Attackers got into the original computer system where the software was built, and those who downloaded it would have no way of knowing their computer was compromised.

Research indicated the hacker was collecting information, like reconnaissance, about infected computers, according to Talos researcher Craig Williams.

In July, Avast acquired Piriform and said about 130 million people use CCleaner.

“The malware works like a loader,” Williams said. “The bad guy could take any kind of malware he wanted, like ransomware, and push that down to end users.”

The strategy is similar to the major global NotPetya attack in June that targeted Ukrainian tax software, Williams added. Hackers infected trusted software and people downloaded it without realizing it contained malware.

Piriform advises Windows users to check if they are running compromised versions, delete the app, and install the new safe version.