large image

Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

Hackers sneak malware into CCleaner putting millions of PC users at risk

Hackers have managed to insert malware into PC cleaning tool CCleaner, putting millions of users at risk from data theft and hack attacks. 

Cisco’s Talos cyber security team discovered that hackers had covertly infiltrated the servers of Avast, the cyber security software company that owns CCleaner, and added malware into a version of CCleaner as it was being built.

In an ironic turn of fate, software designed to help stop the spread of malicious code had been turned into a carrier of malware. The Talos team said that the CCleaner 5.33 and CCleaner Cloud 1.07.3191 tools were infected and believe that around two million users are at risk from the malware, which has the potential to steal data.

The Talos team quickly alerted Avast to the infection, and the security company moved to fix the situation by purging the hackers from its server and releasing a patched version of CCleaner; people with version 5.34 should be safe from the malware.

However, people with older versions of the tool may still be at risk, though there have yet to be any reports of the hackers using their hidden malware to cause problems and pinch private information.

This form of cyber attack is known as a supply chain attack and is a particularly effective way to distribute malware as it exploits the trust between software providers and their users; CCleaner has been a trusted tool for PC maintenance for years and as such many people wouldn’t imagine it harbouring malware.

In such cases, the onus of security rests on the software suppliers shoulders, but you can still help keep your cyber security defences up by ensuring you have anti-virus and anti-malware software from a reputable brand and keep that software updated.

Related: How to tackle malware on a Windows PC 

What’s your PC cleaner tool of choice? Let us know on Twitter or Facebook. 

Why trust our journalism?

Founded in 2004, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have 9 million users a month around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.