CCleaner Hack – 5 Must-Knows For Windows Users

CCleaner Hack Update. Over the course of one month, 2.3 million users unknowingly downloaded malicious software onto their computers from the CCleaner website. Unknown hackers replaced the original software with a malicious version. Then, the hacker’s software was distributed to everyone that downloaded or updated the application between August 15 and September 12 of this year.

If you use the CCleaner application, your computer might be compromised. Read on to learn more about who’s been infected, what happened and the steps you can take to protect yourself in the wake of the attack.

Who’s Infected

If you are concerned that you are using corrupted software, the first step is to check your software’s version. Avast Software —the parent company of the firm that makes CCleaner—recommends that everyone using CCleaner v5.33.6162 or CCleaner Cloud v1.07.3191 delete the application as soon as possible. Once the application is completely deleted from your computer, you can download the uninfected version from CCleaner’s main website.

[caption id="attachment_14095" align="aligncenter" width="640"] Credit How To Geek[/caption]

To check if you have CCleaner and/or determine which version you’re using, follow the steps below:

  • Step one, search for the CCleaner application or locate it on your desktop.
  • Step two, click “Properties.”
  • Step three, click on “Details” on the window that pops up. Once you are in the details section, look at the number next to “File version.”
  • Step four, if the version number reads 5.33.6162 or 1.07.3191, you should delete the software as soon as possible.

If you need more assistance to understand if your computer is infected, reach out to the technical support company My Fast PC directly.

What Is CCleaner, Anyway?

CCleaner is an application for Microsoft Windows computers. Its purpose is to “clean” your computer over time to optimize and enhance its performance. For example, the application can identify and remove broken shortcuts from your computer.

[caption id="attachment_14093" align="aligncenter" width="640"] Credit Super User[/caption]

Broken shortcuts happen to most Windows users at some point or another. When they do happen, an icon looks different than normal, and it doesn’t perform correctly. It is possible to manually correct broken icons, or you can rely on a program like CCleaner to fix them.

The application has other uses, too. It is designed to delete your passwords, internet and desktop files to increase your privacy. It also helps free up hard drive space on your computer by deleting unnecessary files. Overall, CCleaner has a lot of uses, which is why it has over 2 billion downloads in total.

What Happened

At first, it seemed that the hacker’s software was programmed to collect user data—like Social Security numbers and bank account information—from its victims. However, the attack was much more complex. On September 21, Avast released more information about the hack. The attackers actually installed a second malware application on the computers that were infected. This secondary application targeted specific websites in the technology sector. Sony, Microsoft and Cisco were among the attacked sites.

[caption id="attachment_14098" align="aligncenter" width="580"] Credit Hotspot Shield Blog[/caption]

When this information came to light, it became clear that this attack was a focused effort that sought to collect valuable intellectual property belonging to the tech industry. As of now, it’s unclear which companies’ machines have been infected as a result of the attack. Cisco has published a list of targeted technology companies , but Avast says more companies were likely infected than the ones outlined in Cisco’s research.

The Attack’s Timeframe

Behind the scenes, a company named Morphisec detected malicious activity related to the CCleaner application on August 20 and 21. The company did not notify anyone about the malicious activity. Then, on September 11, Morphisec customers shared information with the company’s engineers about CCleaner-related malicious activity. The day after, Morphisec notified Avast and Cisco about the suspicious activity. As soon as Avast and Cisco received the notification, they started their own investigations, and Avast and notified US law enforcement.

[caption id="attachment_14099" align="aligncenter" width="768"] Credit Hotspot Shield Blog[/caption]

On August 15, the compromised version of CCleaner was released. It ran undetected for about four weeks until it was removed. The information about the incident was released to the public on September 18—after Avast rolled out the correct version of CCleaner and CCleaner Cloud on September 15.

How It Occurred

Hackers were able to breach CCleaner’s security to gain access to the application. Once they had application access, they added something hackers call a “payload” that rode on top of the application. A payload is the component of a computer virus that executes malicious activity. In general, the more payload a virus has, the more harmful it will be. The hackers that infiltrated CCleaner used a multi-stage malware payload in their attack.

[caption id="attachment_14096" align="aligncenter" width="640"] Credit SOPHOS News[/caption]

Overall, the fact that CCleaner was targeted by hackers isn’t a surprise. It has more than 2 billion downloads, which makes it a sound target for many hackers. According Avast, the parent company that owns CCleaner, “ Piriform [the makers of CCleaner] believes that these users are safe now as its investigation indicates it was able to disarm the threat before it was able to do any harm. ” Although this is good news, users that were affected by the attack should still follow the precautions above to protect themselves from unforeseen implications associated with the hack.

Protecting Yourself

The first step after this attack is to follow the information outlined above in the “Who’s Infected” section. Once you’ve followed the outlined steps, you will be safeguarded from future harm this hack might create.

Next, you can start to protect yourself from future hacks. There are many behaviors you can carry out to keep hackers at bay, but you should start by updating your operating system and software frequently. Outdated programs are more likely to have vulnerabilities that hackers can attack. The best way to defend yourself is to make sure your computer’s operating system and applications are up-to-date.

Another way to protect yourself is to avoid open WiFi connections. When you use open WiFi, it’s very easy for hackers to access your computer and steal your personal information. If you ever need to use open or public WiFi, make sure you don’t type sensitive information, such as your online banking password, into your computer while you’re connected to the unknown Wifi source.

[caption id="attachment_14097" align="aligncenter" width="640"] Credit qSample Blog[/caption]

Creating password protected files is also a great preventative technique. Most versions of Windows don’t include a method for encrypting files directly on a computer, but there are a few workarounds. However, most users find it’s easier to work directly with a third-party program. There are several applications you can use to password protect your files on your PC.

Once you have a preventative strategy in place, you should implement a strategy for protecting your already compromised information. Investing in an identity protection and fraud recovery service will help ensure that your information isn’t spread around fraudulent sites and used incorrectly. Many of these companies will even monitor your credit report and relay suspicious activity to you directly.

A Theory on the Hackers

[caption id="attachment_14100" align="aligncenter" width="1280"] Credit PC World[/caption]

Although the perpetrators of the attack are still unknown, A Russian security firm named Kaspersky has a guess … The firm believes that a group of hackers called Axiom and Group 72 might be behind the attack. They came to this conclusion because they noticed a code overlap between the group’s malware and the malware used in the CCleaner hack.


After the Equifax and CCleaner hacks, chances are that you feel a bit vulnerable. Having your personal information exposed is a scary occurrence that can lead to a lot of inconvenience and stress. Fortunately, there are steps you can take today to help mitigate your anxiety and protect your personal information. The first thing you should do is determine if you’re using CCleaner. If you are, your next step will be to check the version that you are currently using.

Every computer user that’s running an infected program should uninstall the program immediately. Users that do not have a corrupted version may also want to update their program after this event. Once you ensure you have the malware-free version of CCleaner, you can begin protecting your information from future attacks. It’s also a wise idea to decide how you will react to hacks that might have affected you already. For example, if you’re one of the 143 million American consumers that had your information exposed by Equifax, you can freeze your credit today.

With millions of cyber attacks occurring every day, it’s not a question of if, but when your personal information will be compromised. Every individual that uses a computer or smartphone is vulnerable—which is why prevention is key.

Although the steps above are by no means comprehensive, they do make up a sound action plan for individuals that want to keep their personal information safe. Once you follow the steps above, consider reaching out to an internet security company or source that can provide you with more information. When you connect with a company, ask them about their latest procedures and policies. The best providers are always updating their offerings to better meet the needs of their customers.

Featured Image Credit: Unsplash

Your Personal IT Team, Anytime, Anywhere!

24/7 Support

Explore Services

Get 24/7 Peace of Mind With Remote Tech support

We’ll help you with any question, concern or issue.

Get Specialist Assistance

About the author

Photo of Erik Fullmer

Erik Fullmer

Erik was raised in many places but has long since called Utah home. Rooted in mountains, he spends a lot of time with his dogs in the mountains and in the winter he skis… a lot.

Erik is actively earning the necessary certifications and training to become a certified AMGA Ski Guide.

With over a decade of content writing experience, Erik finds passion when writing for the tech and outdoor recreation industries.