Update: CCleaner Hack
Some of the more technical readers of this blog might have heard that the popular CCleaner application by Avast has had malware running within it since August. That means anyone who downloaded a version of CCleaner in August or September might want to check whether they are vulnerable. If you are a Thrive customer, we will be checking you automatically.
Per Avast: “Piriform CCleaner v5.33.6162 was released on the 15th of August, and a regularly scheduled update to CCleaner, without compromised code, was released on the 12th of September. CCleaner Cloud v1.07.3191 was released on the 24th of August, and updated with a version without compromised code on September 15”.
So, if you are running version 5.33.6162 or cloud version 1.07.3191, you are infected.
This was all noticed by Cisco, who found that a multi-stage malware payload was riding on top of the application. Essentially CCleaner was running as normal, but this other application was also installed with it.
If your system was infected, it is recommended that you restore your system to a date before August 15th, 2017, or reinstall the system.
UPDATE: Piriform, owned by Avast, estimates 2.27 million users were affected. The number has been reduced to 730,000 due to efforts to upgrade the software. It was reported in USA TODAY that Piriform believes it was able to disarm the threat before the malware was able to harm any of its customers. If you are a Thrive customer, we have already pushed all updates to your machines.