A popular software developed by a subsidiary of Avast were infiltrated. An unknown entity maliciously hid malware in the form of backdoor in Piriform CCleaner, a widely used cleaning utility. Piriform was acquired by Avast back in July 2017.
This is the type of application used for those who are more tech-savvy to clean debris left behind by infection or malicious changes. It is also a popular tool to speed up machines.
The 32 bit and cloud versions for Microsoft Windows were both comprised as explained by security notification on CCleaner’s support forum. The version are CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191.
This is very concerning as the malicious code in question was signed none other than the developer’s own certificate.
If you are using version 5.33.6162, you should upgrade to 5.33.6163. This will provide a lightweight automatic update and thus remove the backdoor from your system. Note, removing the software may not remedy the infection; an upgrade will be more effective. It is also important to know that those using the free version are out of luck as this does not include the ability to automatically update.