“For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner… During the installation of CCleaner 5.33, the 32-bit CCleaner binary that was included also contained a malicious payload that featured a Domain Generation Algorithm (DGA) as well as hardcoded Command and Control (C2) functionality. We confirmed that this malicious version of CCleaner was being hosted directly on CCleaner’s download server as recently as September 11, 2017.”
Talos Blog – CCleanup: A Vast Number of Machines at Risk
This may be big. News of this was all over the web this morning.
The only advice I have as of now is to uninstall CCleaner. A newer version of CCleaner is out (v5.34), but it is unknown whether this eliminates the problem. AFAIK the portable versions are not infected.
This may only affect 32-bit users.
I’ll post more info as it comes in.
***Update 0640hrs
There is an official statement at the CCleaner blog:
Security Notification for CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 for 32-bit Windows users
***Update 1430hrs
See CCleaner Compromised, part 2
Nick Swarfega says
Thanks for the heads-up, I’ll pass this around.
James says
I’m doing the same (with links back to here, of course). I get the feeling that there’s more to this than meets the eye.