Hidden Backdoor in CCleaner Security App Has Infected 2.3 Million People

Hidden Backdoor in CCleaner Security App Has Infected 2.3 Million People

Hackers have hidden a backdoor in a security application called CCleaner. So far it has 2 billion downloads and has infected 2.3 million people and counting.

Security researchers have discovered cyber criminals have installed a backdoor in a security application for PCs. Users of the Avast-owned CCleaners for Windows have been advised to update their software immediately.

Researchers at Cisco Talos discovered the threat on Sept. 13 after CCleaner 5.33 caused their systems to flag malicious activity. The company warned that the hack could be comparable to the NotPetya ransomware outbreak, which spread after a Ukrainian accounting app was infected.

The hacked application allows for download of further malware, such as ransomware or keyloggers, and there are fears that virtually billions could be impacted. The security app has 2 billion downloads and claims to be getting five million extra a week, making the threat even more severe.

The backdoor installed in the application would send encrypted information about the infected computer - the name of the computer, installed software and running processes - back to the hacker's server. The hackers also used what is known as a domain generation algorithm (DGA) whenever the criminal's server went down, the DGA could create new domains to receive and send stolen data. Researchers have noted that the use of a DGA shows that these hackers are very sophisticated.

Further investigation found that the CCleaner download server was hosting the backdoored app as far back as Sept. 11 and the affected version had been released on August 15. Which means for weeks the malware was spreading inside a supposedly-legitimate security software.

On Sept. 12, CCleaner released an untained version of the software, version 5.34.

Featured

  • 5 Tips to Improve Your Password Security

    Change Your Password Day is right around the corner. Observed every year on February 1, the day aims to raise awareness about cybersecurity and underscores the importance of keeping passwords strong and up to date. Read Now

  • Enhancing Port Security

    DP World Yarimca, one of the largest container terminals of the Gulf of İzmit and Turkey, is a strong proponent of using industry-leading technology to deliver unrivaled value to its customers and partners. As the port is growing, DP World Yarimca needs to continue to provide uninterrupted operations and a high level of security.To address these challenges, DP World Yarimca has embraced innovative technological products, including FLIR's comprehensive portfolio of security monitoring solutions. Read Now

  • Hot AI Chatbot DeepSeek Comes Loaded With Privacy, Data Security Concerns

    In the artificial intelligence race powered by American companies like OpenAI and Google, a new Chinese rival is upending the market—even with the possible privacy and data security issues. Read Now

  • Survey: CISOs Increasing Budgets for Crisis Simulations in 2025

    Today, Cyber Performance Center, Hack The Box, released new data showcasing the perspectives of Chief Information Security Officers (CISOs) towards cyber preparedness in 2025. In the aftermath of 2024’s high-profile cybersecurity incidents, including NHS, CrowdStrike, TfL, 23andMe, and Cencora, CISOs are reassessing their organization’s readiness to manage a potential “chaos” of a full-scale cyber crisis. Read Now

New Products

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • Hanwha QNO-7012R

    Hanwha QNO-7012R

    The Q Series cameras are equipped with an Open Platform chipset for easy and seamless integration with third-party systems and solutions, and analog video output (CVBS) support for easy camera positioning during installation. A suite of on-board intelligent video analytics covers tampering, directional/virtual line detection, defocus detection, enter/exit, and motion detection.

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis.