Piriform Has Been Hacked and Recent CCleaner Versions Compromised

Piriform is the victim of a large-scale attack.

In one of the most recent and serious hacks, CCleaner creator Piriform has been compromised. Piriform was purchased some while ago by Avast for about $1.3 billion USD, but it appears that the hackers managed to bypass its security measures. As a result, CCleaner has been compromised, at least v5.33.6162 and CCleaner Cloud v1.07.3191. CCleaner is estimated to be installed on about 130 million devices, by the way. The hackers made changes to the installer packages, which could allow them to control more than two million devices.

What did they do exactly?

To be specific, they managed to install remote administration tools on CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191. According to Cisco’s Talos security research unit, these tools attempted to access various unregistered web pages. They then tried to download additional unauthorized programs. On the user’s side, nothing would look out of order. The bad news is that CCleaner does not have an automatic updates system. Therefore, you’ll need to check for updates manually in order to be on the safe side. You could also uninstall the app completely and install version 5.34.6207, which is safe.

The attacks were discovered by Avast on September 12, and the company issued a clean version of CCleaner on the same day. Things were a little bit trickier with CCleaner Cloud though. The uncompromised version of that software was released on September 15. Since the hack was caught early, it looks like the people behind it only got a chance to collect some information. They weren’t forcing the compromised machines to install new programs, at least not yet.

Are you a CCleaner user, and if so, have you updated to the new version of the program?