It was found that the official download of the free versions of CCleaner 5.33 and CCleaner Cloud 1.07.3191 also contained “a malicious payload that featured a Domain Generation Algorithm as well as hardcoded Command and Control functionality.” What that means is that a hacker infiltrated Avast Piriform’s official build somewhere in the development process build to plant malware designed to steal users’ data.
While users within the target area shouldn’t see any impact from this attempted attack, it’s still a scary notion. While Avast got in front of the issue and resolved it without incident, smaller companies might not be able to react so quickly.
Users can download CCleaner 5.34 from Avast’s website if they haven’t already done so. Previous releases are also still available on the company’s website, but the infected version has been removed from the company’s servers.