Which? uses cookies to improve our sites and by continuing you agree to our cookies policy.

CCleaner malware hack: what it is and what you need to do

More than two million users of CCleaner's PC clean-up software may be affected

More than two million users of CCleaner may have downloaded a version of the software that had been hacked to include malware. 

CCleaner’s software, which is frequently recommended, is used for cleaning up a PC and making it run faster. In total, it has been downloaded more than two billion times, according to its maker Avast.

More than two million of these users may be affected after hackers managed to breach the company’s security and inject a strain of malware that was mass distributed via CCleaner downloads.

If you’re a user of CCleaner, here’s how to find out if you’re affected and what you need to do next.

Antivirus reviews – find the best free and paid packages to protect your computer.

What happened?

Piriform, which is the developer behind CCleaner and is owned by security firm Avast, had digitally signed off on a version of CCleaner software that was released in August. It was subsequently downloaded by millions of users.

But it was found that two lines of code had been injected into the software, opening a channel from a user’s PC to receive commands from hackers.

Security researchers at Cisco Talos found that “a multi-stage malware payload” had been delivered during the installation period for CCleaner. Piriform subsequently confirmed that about 2.3 million users are believed to have been infected.

Piriform said that the malware could have sent non-sensitive information from the user’s computer, including “computer name, IP address, list of installed software, list of active software, list of network adapters”, to a third-party server in the US. It also loaded another payload onto the computer that was never executed.

At this stage, it’s unclear what the hackers actually planned to do with this attack.

CCleaner: Is my PC infected?

If you’ve recently downloaded CCleaner, it’s possible your PC is affected. Piriform has said it believes its servers were compromised for almost a month-long period from around 15 August. This lasted until 12 September, when it updated its servers with a new version of CCleaner.

If you downloaded CCleaner during this period, or have version v5.33.6162 of the software on your PC, you’ll need to follow the steps below.

It is understood that v1.07.3191 of CCleaner Cloud may also be affected, but no other Piriform or CCleaner products are thought to have been affected by the hack.

What to do if you’re affected

Piriform updated CCleaner on 12 September, so if you’ve accepted an update to the software you should be covered.

If you haven’t been notified of the update, any user of the 32-bit version of CCleaner v5.33.6162 should download the latest version of Piriform CCleaner here.

Following this, it’s best to run a scan of your computer, either via your antivirus program if you have one, or by downloading MalwareBytes Anti-Malware Free. This should clean or isolate and remove any additional infections that may have occurred.

Back to top