Avast's CCleaner Free Windows Application Infected With Malware

Reader Tinfoil writes: Cisco Talos announces that malware cleaning app, CCleaner, has been infected with malware for the past month. Version 5.33 of the CCleaner app offered for download between August 15 and September 12 was modified to include the Floxif malware, according to a report published by Cisco Talos a few minutes ago. Cisco Talos believes that a threat actor might have compromised Avast's supply chain and used its digital certificate to replace the legitimate CCleaner v5.33 app on its website with one that also contained the Floxif trojan. The company said more 2.27 million had downloaded the compromised version of CCleaner.

Re:Anyone know if the malware is detectable / fixa

[TWX]

Sure. CCleaner version 5.34. Available from downloads.ru today!

Re:CCleaner wasn't malware all along?

[forkfail]

Norton should sue for patent infringement.

Re:CCleaner wasn't malware all along?

It's not an anti-malware program.

It's an optimizer.

If they're trying to optimize Windows, oh man have they got their work cut out for them. Even with all its massive resources and full access to source code, even Microsoft couldn't do that!

Re:CCleaner wasn't malware all along?

[thegarbz]

If your system is compromised in any way, the only sane response is to wipe the disk(s),

Wipe the disks? Are you nuts. I say we take off and nuke the entire site from orbit. It's the only way to be sure!