CCleaner Used As Malware Host, 2.27 Million Users Affected

Posted on by Ryan


Piriform’s popular security app CCleaner has been hacked and has been distributing malware for the past four weeks. The compromise was discovered by Cisco’s Talos division and has affected 2.27 million users worldwide.


Piriform said in a blog post:

“The compromise could cause the transmission of non-sensitive data (computer name, IP address, list of installed software, list of active software, list of network adapters) to a third party computer server in the USA. We have no indications that any other data has been sent to the server… We are continuing to investigate how this compromise happened, who did it, and why. We are working with US law enforcement in their investigation. A more technical description of the issue is on our Piriform blog.”

Talos also reported:

“In analyzing DNS-based telemetry data related to this attack, Talos identified a significant number of systems making DNS requests attempting to resolve the domains associated with the aforementioned DGA domains. As these domains have never been registered, it is reasonable to conclude that the only conditions in which systems would be attempting to resolve the IP addresses associated with them is if they had been impacted by this malware.”
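The Talos reasoning quoted above translates into a hunt over resolver logs: because the DGA domains were never registered, any client that tries to resolve one is a candidate for investigation. The following is an added example, not code from Talos, Piriform or the original post; the log format, the function names and the indicator domains are constructed placeholders, since the page does not list the real domains.

```python
# Placeholder indicators (constructed): substitute the DGA domains from the vendor advisory.
DGA_DOMAINS = {"dga-placeholder-a.example", "dga-placeholder-b.example"}

# Constructed sample in an assumed format: "<ISO time> <client> <qname> <qtype> <rcode>"
SAMPLE_LOG = """\
2017-09-14T08:01:12Z 10.0.4.17 DGA-Placeholder-A.example. A NXDOMAIN
2017-09-14T08:01:15Z 10.0.4.22 www.example.org. A NOERROR
2017-09-14T09:30:02Z 10.0.4.17 dga-placeholder-b.example. A NXDOMAIN
2017-09-14T09:31:40Z 10.0.7.3 notdga-placeholder-a.example. A NXDOMAIN
2017-09-14T10:02:09Z 10.0.9.8 dga-placeholder-a.example. AAAA NXDOMAIN
malformed line
"""

def normalize(qname):
    """Lower-case the name and drop the trailing root dot resolvers often log."""
    return qname.strip().rstrip(".").lower()

def matches_indicator(qname, indicators=DGA_DOMAINS):
    """Match the indicator itself or a subdomain of it, never a bare string suffix."""
    name = normalize(qname)
    return any(name == d or name.endswith("." + d) for d in indicators)

def find_impacted_hosts(log_text, indicators=DGA_DOMAINS):
    """Return {client: summary} for every client that queried an indicator domain."""
    hosts = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:  # skip lines that do not fit the assumed format
            continue
        ts, client, qname, _qtype, _rcode = parts
        if not matches_indicator(qname, indicators):
            continue
        h = hosts.setdefault(client, {"first_seen": ts, "last_seen": ts,
                                      "queries": 0, "domains": set()})
        # ISO 8601 timestamps in one format and zone sort correctly as strings.
        h["first_seen"] = min(h["first_seen"], ts)
        h["last_seen"] = max(h["last_seen"], ts)
        h["queries"] += 1
        h["domains"].add(normalize(qname))
    return hosts

if __name__ == "__main__":
    for client, info in sorted(find_impacted_hosts(SAMPLE_LOG).items()):
        print(client, info["queries"], info["first_seen"], sorted(info["domains"]))
```

The response code is deliberately not used as a filter: the query attempt itself is the signal, whether or not the name resolves.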


If you use CCleaner, it’s highly recommended that you update to CCleaner 5.34 immediately.