
Hackers hid a backdoor in a security app that has more than 2 billion downloads

Published Sep 18th, 2017 7:56AM EDT


The Equifax hack isn’t the only major cyber attack you should be aware of. Security researchers discovered that hackers hid a backdoor in a security app supposed to keep your Windows computer safe and clean, with the purpose of using your machine for other malicious activities. That app is made by a subsidiary of the company that created the Avast antivirus app, and it has more than 2 billion downloads.

The good news is that “only” 2.27 million users were infected, Forbes says. The CCleaner for Windows app was updated to a version that doesn’t contain the backdoor, which would have allowed hackers to continue targeting infected computers with additional malware.

Cisco Talos was the first security company to report the hack, revealing that the compromised CCleaner app was first discovered on September 13th (version 5.33), with the official servers hosting the backdoored app as far back as September 11th. The app version that was attacked was first made available to users on August 15th. Meanwhile, the fixed version of CCleaner (version 5.34) was released on September 15th.

The malware sent hackers encrypted information including the name of the infected computer, a list of installed software, and running processes. It’s unclear what the hackers wanted to do with the computers.

Piriform, the company that makes CCleaner, says there’s no need to panic. The company explained the cyber attack in a blog post.

“2.27 million is certainly a large number, so we’re not downplaying in any way. It’s a serious incident. But based on all the knowledge, we don’t think there’s any reason for users to panic,” Avast chief technology officer Ondrej Vlcek told Forbes. “To the best of our knowledge, the second-stage payload never activated… It was prep for something bigger, but it was stopped before the attacker got the chance.”

Avast bought Piriform in July.

Others aren’t convinced of what Avast and Piriform execs say publicly, as there’s no telling what the hackers may have used the backdoor for. The good news is all you need to do to stay safe is to update your CCleaner installation to the latest version available. You should also monitor your online accounts for suspicious activity, just to be safe.

Chris Smith Senior Writer
