If you are a user of the CCleaner application on your computer and you downloaded the program sometime between August 15 and September 12, 2017, you are at risk of being compromised.

With over 2 billion downloads since its creation, CCleaner is a popular system cleaner & optimizer application distributed by security company, Avast. A supply chain attack, similar to how the worldwide Petya ransomware was spread, compromised Avast’s application download servers, replacing the original software with a malicious one that lingered on their servers for about a month.

It has been confirmed by Avast that the CCleaner Windows 32-bit version v5.33.6162 and CCleaner Cloud v1.07.3191 have been infected by the malware.

This highly dangerous malware does its dirty work by stealing personal information from the infected computers and sends it to the hacker’s servers. Even worse, their attack is encrypted so that if the hackers’ server is taken down, their algorithm could generate fresh domains that relay the stolen information to another location.

According to Avast, the impersonator malware collects various amounts of user data, including:

  • The computer name, IP & MAC addresses
  • A list of installed software, including Windows updates
  • List of all running processes
  • Access to admin privileges
  • Whether it is a 32-bit or 64-bit system

Talos estimates that nearly 5 million people install CCleaner every week, though Piriform, the original program creator, estimates that up to 3 percent of its users (up to 2.27 million people) were affected by the attack.

We highly recommend every user of the CCleaner software to upgrade to version 5.34 or higher, to protect your computers from being victimized by this attack.

If you have any questions regarding whether you are a user of CCleaner and may be a victim of this attack, feel free to call us at 877-85-RHINO, or 281-779-4850 and we can assist you.