Cleaner is listed (among others) as a ready-for-use module in a tool called Evilgrade which can intercept automatic upgrades or upgrade-notifications (tutorial with backtrack5) to trick users into installing evil code instead of or additional to an upgrade.
Is this a 2.x problem only or does this still exist?
CCleaner doesn't have an auto update, but i guess if it could redirect people to a fake page, then CCleaner would be vulnerable.
There are fraudulent suppliers that offer CCleaner but deliver something else.
There are also many "Cleaners" which should be distinguished from "CCleaner"
Cleaner is listed (among others) as a ready-for-use module in a tool called Evilgrade which can intercept automatic upgrades or upgrade-notifications (tutorial with backtrack5) to trick users into installing evil code instead of or additional to an upgrade.
Is this a 2.x problem only or does this still exist?
Won't even pretend to understand those mechanisms, but thanks for the heads up. It doesnt seem that this mechanism would compromise the manual update button in the lower right corner of the CCleaner window ... is that correct? Either way, wouldn't it be safe to just go straight to CCleaner site or FileHippo? That is a suggested "countermeasure" near the bottom of your second link.
The developers read all these posts, and take corrective measures when necessary.