Cisco’s Talos security team has reported that popular system maintenance software CCleanup has been found to contain malicious code. The infected versions are CCleaner V5.33.6162 and CCleaner Cloud V1.07.3191 on the 32-bit Windows platform. The former was released on August 15, 2017, while the latter was released on August 24, 2017, so if you haven’t upgraded in the past month, you won’t be affected. After installing the infected software, users secretly connect to unauthorized web pages in the background to download other software.

Since the entire malicious code stole CCleaner’s valid digital signature, this behavior would not raise any abnormal alarms, and the user would not notice. In addition, hackers will try to steal users’ private information.

CCleaner 5.33 digital signature information

CCleaner is a system cleanup tool made by Piriform, which was recently acquired by security company Avast. Although Piriform said it discovered the anomaly on September 12, removed v5.33 from its official servers that day, released a clean CCleaner V5.34, and upgraded CCleaner Cloud three days later, But researchers at Cisco’s Talos security team say about 2.27 million users have been affected.

You are advised to upgrade to the latest version.