Avast said that 2.27 million users downloaded the tainted CCleaner software back in 2017. 1,646,536 computers were infected with the first-stage Floxif trojan, which scanned for high-value targets, but only 40 computers received the second-stage trojan, a more powerful backdoor. A few notable security incidents include LastPass, My1Login, KeePass, OneLogin, PasswordBox, MyPasswords, Avast Passwords, and RoboForm. The list of targets included Cisco, Microsoft, Google, NEC, and many other major companies.
The attackers, believed to be a group of Chinese state-sponsored hackers, inserted malware that would only download a second-stage payload when CCleaner was installed on the network of a major company. Hackers breached Piriform's network via a TeamViewer account and planted malware inside CCleaner. The 2017 CCleaner hack happened before Avast bought Piriform, the company behind CCleaner.
The investigation is ongoing and the company promised more updates. Avast previously received praise for the openness it showed while investigating the 2017 CCleaner hack, publishing several updates on the incident as it continued to learn more about the 2017 breach in the subsequent months. 'From the insights we have gathered so far, it is clear that this was an extremely sophisticated attempt against us that had the intention to leave no traces of the intruder or their purpose, and that the actor was progressing with exceptional caution in order to not be detected,' Baloo said.