2 Million Users Affected By Piriform CCleaner's Malware

12/09/2017

CCleaner is a utility program created to delete unwanted files from a computer.

Owned by the British software company Piriform, which has long developed cleaning and optimization software, CCleaner removes temporary files that eat up disk space and deletes invalid registry keys. During a cleanup, unwanted or malicious files buried in a user's system may also be found and removed.

With so many people relying on it as their main system-cleaning utility, CCleaner became one of the most popular tools of its kind.

However, in September 2017, a trojanized build of CCleaner was discovered.

Attackers took the legitimate program and inserted malicious code designed to steal data from users, turning the cleaning tool itself into malware that posed a serious threat to users' sensitive and personal information.

CCleaner malware
The malware was designed to deliver a second-stage payload only to computers inside specific organizations

Reports citing Kaspersky Lab identified the malicious code by two detection names: Trojan.Floxif and Trojan.Nyetya.

The malicious code was inserted into the free CCleaner version 5.33.6162 and CCleaner Cloud version 1.07.3191. To get the tampered build onto Piriform's official download servers, the attackers are believed to have compromised CCleaner's build environment, so the backdoored installer went out through the normal release process and carried a valid Piriform code-signing signature, which is why users and security software had no reason to distrust it.

Once installed, the malware collected information about the infected system and sent it to an attacker-controlled server located in the United States.

The collected data included the machine's IP address and details of installed and running software, among other things.

Piriform's parent company, Avast, found the malware on September 12, 2017, and immediately took steps to eliminate the problem.

Further analysis of the malware revealed that the infection had a second-stage payload.

This stage was first identified by Cisco Talos, a security intelligence and research group. The second-stage payload was delivered only to machines in approximately 20 large technology companies, including Google, Microsoft, Cisco, Samsung, HTC, VMware and Intel; about 40 computers were confirmed to have received it.

"Given that the logs were only collected for little over three days, the actual number of computers that received the 2nd stage payload was likely at least in the order of hundreds," Avast said.

This selective targeting led researchers to suspect that the CCleaner malware was part of a state-sponsored operation.

CCleaner is known as a reliable tool for reclaiming disk space and removing unwanted programs. But the CCleaner malware incident shows that even software meant to keep systems clean is not immune to compromise.

Regarded as one of the largest supply-chain malware attacks of all time, the compromise gave the attackers control of the company's release pipeline for roughly a month, during which the legitimate installer was replaced with the malicious one, and more than 2 million users are believed to have downloaded and run it.