There have been multiple iterations of the tool since then. “We believe that these users are safe now as our investigation indicates we were able to disarm the threat before it was able to do any harm.”ĬCleaner has been downloaded more than 2 billion times since it was originally released in 2003. “We estimate that 2.27 million users had the affected software installed on 32-bit Windows machines,” an Avast spokesperson told CyberScoop.
The program is predominantly used on computers running Windows, although there’s also a version for MacOS. Piriform, a British software firm acquired by Avast in July, originally developed CCleaner. The affected version, CCleaner 5.33, was only available for download for about one month. The latest version of CCleaner was released in mid-September. The news illustrates how hackers are actively targeting and in some cases, successfully exploiting vulnerabilities in the supply chains of prominent software vendors. The backdoor left infected devices open to future attacks and other malware.
Security researchers say hackers were able to booby-trap a popular tool offered by Czech cybersecurity firm Avast to remotely install a backdoor implant on millions of computers, according to new research by Cisco’s Talos team.Ī sabotaged software update mechanism in an outdated version of the file clean-up software program CCleaner allowed for a hacker to covertly download malicious code onto computers.