What is CCleaner?

CCleaner, a computer and phone cleaning utility, has been hijacked by cyber attackers who used the tool to spread malware.

White IT does not endorse the use of such cleaning programs; only trained professionals should use them. When we do use them, we remove them after use.

What Happened?

Hackers have successfully breached CCleaner’s security to inject malware into the app and distribute it to millions of users. Security researchers at Cisco Talos discovered that download servers used by Avast (the company that owns CCleaner) were compromised to distribute malware inside CCleaner. “For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner”.

What does the malware do?

It gathers information like your IP address, computer name, a list of installed software on your computer, a list of active software and a list of network adapters and sends it to a third-party computer server. Your credit card numbers, social security number and the like seem to be safe.

“Working with US law enforcement, we caused this server to be shut down on the 15th of September before any known harm was done.”

The malware was also programmed to collect a bunch of user data, including:

  • Name of the computer
  • List of installed software, including Windows updates
  • List of running processes
  • MAC addresses of first three network adapters
  • Additional information, such as whether the process is running with administrator privileges, whether it is a 64-bit system, etc.

What do we recommend?

White IT recommends not having CCleaner on your machine/device at all. If you do have problems, we normally use a suite of other programs to clean your PC or device.

CCleaner is a professional-use tool, meaning that it should not be used by a normal end-user client, primarily because, when used wrongly, it can lead to system corruption and Windows errors.

We also recommend removing it from your systems ASAP. If you don’t feel confident removing it, please call us urgently.