The last thing you’d expect from a popular security app is for it to end up infecting your system with malware but that’s precisely what happened with Avast-owned CCleaner. With over two billion downloads, it’s easily considered a popular security app. Cisco Talos security researchers have discovered that hackers breached security to inject malware that was possibly distributed to millions of CCleaner’s users.
The security researchers discovered that the download servers used by Avast were compromised to spread malware inside CCleaner.
“For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner,” explained the team of security researchers at Cisco Talos.
Avast describes CCleaner as a “crap cleaner.” It primary deletes cookies and provide some web privacy protections. The company says that 2.27 million users were affected by this malware attack.
The hackers essentially exploited the trust relationship between this software vendor and the user of CCleaner who were expecting a security app but ended up inadvertently download and installing malware on their computers.
Avast adds that it was able to prevent the malware from actually harming customers. “These users are safe now as its investigation indicates it was able to disarm the threat before it was able to do any harm,” a spokesperson for the company said.