Avast's CCleaner Free Windows Application Infected With Malware

Reader Tinfoil writes: Cisco Talos announces that malware cleaning app, CCleaner, has been infected with malware for the past month. Version 5.33 of the CCleaner app offered for download between August 15 and September 12 was modified to include the Floxif malware, according to a report published by Cisco Talos a few minutes ago. Cisco Talos believes that a threat actor might have compromised Avast's supply chain and used its digital certificate to replace the legitimate CCleaner v5.33 app on its website with one that also contained the Floxif trojan. The company said more 2.27 million had downloaded the compromised version of CCleaner.

.. And the malware is

[scsirob]

... AVAST AntiVirus! Who would have guessed that a great tool like CCleaner would be messed up by Avast in no time at all.

Re:CCleaner wasn't malware all along?

[ameline]

Of course I could have easily confused them with some other anti-malware vendor when it comes to their advertising -- many of them seem to be pretty scummy - just skimming the border of drive-by installs, piggybacking on other installs (looking at *you* Adobe) etc.

Re:Never had a problem until

I felt the same way when I heard about Avast acquiring CCleaner. I refused to upgrade until I could find some reviews that said Avast hadn't ruined it with bloat like their anti-virus, and damn I'm glad I waited.

Re:CCleaner wasn't malware all along?

[CaptainDork]

It's not an anti-malware program.

It's an optimizer.

"Malware cleaning app"

[Mr.Intel]

Cisco Talos announces that malware cleaning app...

Except it wasn't a malware cleaning app. Just a cleaning app. Maybe it happened to clean malware that got caught in the recycle bin, but that's about the extent of it. Of course, it ended up being a malware-infected cleaning app. Maybe that's what the OP meant??

Re:CCleaner wasn't malware all along?

Of course I could have easily confused them with some other anti-malware vendor when it comes to their advertising -- many of them seem to be pretty scummy - just skimming the border of drive-by installs, piggybacking on other installs (looking at *you* Adobe) etc.

The notion of something like CCleaner is inherently flawed to begin with. If your system is compromised in any way, the only sane response is to wipe the disk(s), reinstall from known-good media and restore your data from a proper backup (you do keep those, right?). If anything else looks like a good idea, then either your OS has shit security or you are failing to use the security it provides.

It's not really surprising that an inherently problematic concept ("just remove it!") attracts other problems. It's called nucleation. In terms of wisdom (learning from experience - yours or others') this is really basic entry-level observation.

Windows and the consumer culture surrounding it encourages practices that are terrible from a security perspective. You can't reliably verify that a compromised machine is ever 100% trustworthy again, not without wiping and restarting. Windows actually can be locked down and made relatively secure but few users bother to do it and even in the hands of an experienced admin, this is much more straightforward on most *nixes.

Re:CCleaner wasn't malware all along?

IT IS NOT ANTI-MALWARE, IT IS A DUPE FILE REMOVER, CACHE FILE CLEANER, UTILITY TOOL FOR REMOVING STUBBORN UNINSTALLERS THAT BROKE, ETC.

You fucking idiots want to keep saying it's AV because you don't seem to know a god damn thing about it lol. "Oh it's a terrible security model" - On Windows? MORON.

WHINY PETULANT SLASHDOT BITCHES WHO THINK THEY'RE EXPERTS WITHOUT READING A GOD DAMN THING, LOL