Hackers have compromised a version of the hugely popular PC app CCleaner, parent company Piriform confirmed Monday. The hack involved malware that potentially allows them to access a user’s computer and steal data, according to security blog Talos Intelligence.
“For a period of time, the legitimate signed version of CCleaner 5.33 ... also contained a multistage malware payload that rode on top of the installation of CCleaner,” the blog reported. Cisco Talos, which publishes the blog, discovered the exploit Sept. 13.
A new version of CCleaner, which was not affected by the exploit, was released Sept. 12 by Piriform. However, the older version is still in circulation, and Piriform estimated 2.27 million people “used the affected software.”
CCleaner is an enormously popular program that clears unnecessary files out of PCs, optimizing their performance. It also helps users maintain other installed programs. Piriform’s website says it has been downloaded over 2 billion times worldwide, with 5 million new installations every week, and it is available in both free and paid versions.
Anyone who downloaded CCleaner version 5.33, or updated an older version of CCleaner between August 15 and Sept. 12, could be affected, Cisco Talos states. Piriform says the compromise only affected customers who used the 32-bit CCleaner version 5.33.6162, and those who used CCleaner Cloud version 1.07.3191. It asked users to download an updated version of CCleaner from Piriform’s website.