A diagram of the malware process can be seen below.

First, the free version of CCleaner doesn’t do automated updates. Talos isn’t clear on what exactly the malware was supposed to do.

On Septem… while conducting customer beta testing of our new exploit detection technology, Cisco Talos identified a specific executable which was triggering our advanced malware protection systems…it appears that the affected version (5.33) was released on August 15, 2017…It is also important to note that while previous versions of the CCleaner installer are currently still available on the download server, the version containing the malicious payloads has been removed and is no longer available.

Talos found that CCleaner Cloud version is infected as well. The malware was found in a signed CCleaner version 5.3 installer.

The Detection

Cisco’s Talos Intelligence group detected the malware during beta testing of a new exploit-detection technology. The most ironic thing about this situation is that CCleaner was bought by antivirus vendor Avast. CCleaner has been downloaded more than 2 billion times, so the impact could be huge.
An attacker inserted the malware by compromising the software’s supply chain.
The CCleaner software utility was found to be infected with malware.