
CCleaner made a mess

If you downloaded or upgraded CCleaner between 15th August and September 12th 2017, it probably installed a bunch of malware.

So-called security firm Avast has admitted inadvertently distributing a version of CCleaner, a popular PC tune-up tool, with a trojan inside for nearly a month, infecting an estimated 2.27 million users.

Downloading or updating CCleaner to version 5.33 during this time infected your machine with a backdoor capable of spying on everything you do online.

In a blog post, Avast’s CTO and CEO make the following statement:

“We estimate that 2.27 million users had the v5.33.6162 software, and 5,010 users had the v1.07.3191 of CCleaner Cloud installed on 32-bit Windows machines. We believe that these users are safe now as our investigation indicates we were able to disarm the threat before it was able to do any harm.

“There is no indication or evidence that any additional malware has been delivered through the backdoor. In the case of CCleaner Cloud, the software was automatically updated. For users of the desktop version of CCleaner, we encourage them to download and install the latest version of the software.”

The fact that the malware was built into CCleaner’s digitally signed installation package suggests that either an employee of the company is to blame, or someone at the ‘security’ firm had their account compromised.

This attack shows that a reliable antivirus solution is critical in protecting you and your data from the bad guys.
