Users of a free software tool designed to optimize system performance on Windows PCs and Android mobile devices got a nasty shock this morning when Piriform, the company which makes the CCleaner tool, revealed in a blog post that certain versions of the software had been compromised by hackers — and that malicious, data-harvesting software had piggybacked on its installer program.
The malware was supposedly capable of harvesting various types of data from infected machines — specifically, Piriform says: the computer name, IP address, list of installed software, list of active software and list of network adapters (data it describes as “non-sensitive”) — transmitting it to a third party computer server located in the US.
“We have no indications that any other data has been sent to the server,” it writes. “Working with US law enforcement, we caused this server to be shut down on the 15th of September before any known harm was done. It would have been an impediment to the law enforcement agency’s investigation to have gone public with this before the server was disabled and we completed our initial assessment,” it added.
A spokeswoman for security giant Avast, which acquired the UK-based company back in July, told us: “We believe that these users are safe now as our investigation indicates we were able to disarm the threat before it was able to do any harm.”
“We estimate that 2.27 million users had the affected software installed on 32-bit Windows machines,” she further added.
Should you happen to be one of the millions of users that downloaded the infected version 5.33, your best bet is to head to Piriform’s website here and update to the latest iteration of CCleaner.