Avast reckons CCleaner malware infected 2.27M users
https://techcrunch.com/2017/09/18/avast-reckons-ccleaner-malware-infected-2-27m-users/9/18/2017
Users of a free software tool designed to optimize system performance on Windows PCs and Android mobile devices got a nasty shock this morning when Piriform, the company which makes the CCleaner tool, revealed in a blog post that certain versions of the software had been compromised by hackers — and that malicious, data-harvesting software had piggybacked on its installer program.
The affected versions of the software are CCleaner 5.33.6162 and CCleaner Cloud 1.07.3191.
The company is urging users to upgrade to version 5.34 or higher (which it says is available for download here).
So clearly some users may still have a compromised PC on their hands (Piriform says it’s moving all users of the CCleaner to the latest version of the software, while noting that users of CCleaner Cloud will have been updated automatically.)
The malware was apparently capable of harvesting various types of data from infected machines — specifically, Piriform says: the computer name, IP address, list of installed software, list of active software and list of network adapters (data it describes as “non-sensitive”) — transmitting it to a third party computer server located in the US.
“We have no indications that any other data has been sent to the server,” it writes....