Avast acquired Piriform, the company behind CCleaner and Recuva, in July last year. After the incident in which hackers distributed malware through the CCleaner software, details of the attack were seemingly not disclosed to users until recently, when Avast revealed more about how CCleaner was attacked last year.
Hackers modified a CCleaner update to add malware backdoors. According to statistics, the modified CCleaner installer file was downloaded approximately 2.27 million times during that period.
Avast reveals the method used in last year's cyber attack on CCleaner.
Ondrej Vlcek, the security technology director at Avast, disclosed that the attackers accessed Piriform's network on March 11, 2017, about 4 months before Avast took over. Somehow, the attackers had stolen login credentials in hand, which they used to remotely access computer accounts via TeamViewer on the developer's computer.
According to Ondrej Vlcek: 'While we don't know how the attackers could obtain the information, we can only speculate that hackers used user information from Piriform's workstations used for another service, possibly leaked, to access TeamViewer accounts.'
The attackers installed the ShadowPad malware on 2 compromised company computers, then used a keylogger to gain further access to Piriform systems. By August 2, 2017, the first infected CCleaner download had appeared.
'Our investigations reveal that ShadowPad has previously been used in South Korea and Russia, where attackers infiltrate computers to monitor money transfers,' explained Vlcek.
Of the 2.27 million affected CCleaner downloads, the second wave of the attack, which installed ShadowPad, occurred on only 40 computers, all belonging to tech and communication companies. 'We have no evidence that the third wave of ShadowPad attacks was distributed through CCleaner to any of the 40 computers,' he added.
Vlcek also emphasized that Avast has two main takeaways from the attack. 'First, M&A due diligence must extend beyond just legal and financial issues. Companies need to focus heavily on cybersecurity, and for us, this is one of the key objectives to consider in the Piriform acquisition process.'
'Second, supply chain is not typically a top priority for businesses, but it needs to change. Attackers will always seek out the weakest links, and if a product is downloaded by millions of users, it becomes their sweet spot. Companies need to enhance vigilance and investment to keep the supply chain secure.'
To safeguard their devices, users should install antivirus software on their computers. Many antivirus options are currently available, such as Avast, AVG, BKAV..., all of which meet this need.
