Cyber Villains Corrupted Ccleaner 5.33 Version

What is Cyber Villains Corrupted Ccleaner 5.33 Version?

It is probably the worst thing that can happen to a security application developer that a release like Cyber Villains Corrupted Ccleaner 5.33 Version can hit the web right from its legitimate source. The software in question (CCleaner) was developed by Piriform and it is a widely used tool that has been installed by 2 billion users globally. Although statistics say that this application is downloaded by around 5 million users every week, official sources state that "only" 2.27 million users were affected by this horrible breach since it was only the 32-bit version of CCleaner 5.33 that was affected between August 15 and September 12, 2017. This corrupted version included a backdoor component that managed to stay undetected for four weeks. This breach could have caused serious and severe damage but, fortunately, the Command and Control (C&C) servers were taken down before the cyber criminals behind this attack could have moved to stage two of their attack. Our malware experts say that the only way for you to remove Cyber Villains Corrupted Ccleaner 5.33 Version from your system is to update your CCleaner software to a new version (it is 5.35 at the time of writing) even though other articles may suggest that you need to restore your system to a point before you installed the corrupted version.

Where does Cyber Villains Corrupted Ccleaner 5.33 Version come from?

Strangely enough, this backdoor-containing software does not spread on the web in the usual shady and deceptive ways, such as bad downloaders and freeware bundles. This corrupted CCleaner comes straight from its developer's legitimate servers ( Originally, Piriform Ltd. was the one who developed CCleaner, which then became a very popular system optimizer and security tool. In the middle of July, 2017, the well-know security firm, Avast acquired Piriform. Although the corrupted version appeared on the company's servers for download on August 15, the officials of Avast believe that Piriform was targeted prior to the acquisition, while they were still a standalone company. The corrupted version containing the backdoor malware had an installer that was actually signed with a valid digital signature issued to Piriform. Still, CCleaner was indeed a hacked version that contained a malicious payload featuring a Domain Generation Algorithm (DGA) as well as C&C communication functionality.

In order for a legitimate version to be corrupted like this and spread via official sources, the digital signing process could be compromised but it is also possible that the cyber crooks behind this well-prepared and professional attack had an access to the software building environment somehow. Otherwise, there is no way for hackers to be able to upload a compromised version with legitimate digital signature to the company's servers. Although we always say that you should only use official websites to download software and updates, in this case, even that got compromised and for nearly a month this backdoor-containing CCleaner version was spreading in great numbers without even being detected by any of the main security programs. Fortunately, the corrupted version with the malicious payload has been removed from the servers and a new version was quickly released to deal with the malicious code. Therefore, there is no need for you to delete Cyber Villains Corrupted Ccleaner 5.33 Version manually because you just need to update your CCleaner tool to the latest secure version.

How does Cyber Villains Corrupted Ccleaner 5.33 Version work?

Official reports say that over 2 million users in the US, Russia, and West Europe could have been affected by this malicious version because of the popularity of CCleaner. This is a PC optimizer tool that somehow became the target and victim of serious hackers who managed to upload a corrupted version to the official download servers. This CCleaner 5.33 version contains a backdoor component that can collect information about your PC and then, send this technical data encrypted and encoded by a modified Base64 algorithm to a C&C server. This infection was coded to wait for 601 seconds before executing its malicious payload in order to avoid detection and sandboxing. This is why no security software detected it for weeks. The number of users affected by this particular malicious version is not as high as it could have been because it only affected the 32-bit version and it also ran a check on the users privileges on the system, and if the user was not an administrator then the malicious code terminated. This backdoor also used a time-based DGA algorithm in case the original C&C server failed to respond.

Thus, (August) and (September) were used in this attack, which can be clearly seen by the statistics of these domains. Fortunately, these cyber criminals, however sophisticated this attack may have been, could not progress to stage two and actually cause serious damage since the primary C&C server was taken down in collaboration with law enforcement and the secondary DGA domains were registered by an IT threat intelligence team (Cisco Talos). According to Avast, there are still around 700 thousand users who may have the corrupted version running on their computer but it does not really mean any danger any longer as it was removed from the server side. As we have already mentioned, there is no need to panic if you have this unfortunate version and you do not even need to delete your CCleaner application to remove Cyber Villains Corrupted Ccleaner 5.33 Version.

How do I remove Cyber Villains Corrupted Ccleaner 5.33 Version?

Those users who has the paid or full version of CCleaner have been informed and their software was updated to the new, clean version to tackle this horrible situation. However, the free version has no auto-update functionality; therefore, those users are asked to update manually to eliminate this ugly backdoor threat. The officials of Avast believe that the second stage payload never activated; thus, there has been no real damage or harm done. Although some malware hunters and articles have been suggesting that a system restoration to pre-August 15 state or even an operating system re-installation may be needed, it seems that a simple update to the latest version of CCleaner will remove Cyber Villains Corrupted Ccleaner 5.33 Version, i.e., the backdoor code from the corrupted version. This case clearly shows how easy it is to infect your computer from even official sources when they get compromised. Nevertheless, it is still the most efficient way to protect your PC if you install a professional anti-malware program like SpyHunter. 100% FREE spyware scan and
tested removal of Cyber Villains Corrupted Ccleaner 5.33 Version*


Leave a Comment

Enter the numbers in the box to the right *