Hackers Hid Backdoor In CCleaner Security App With 2 Billion Downloads -- 2.3 Million Infected
Hackers inserted a hidden backdoor in file cleaning software CCleaner which has more than two billions downloads, prompting fears millions of devices may be affected by the breach.
The virus was unearthed by tech security researchers, and users of the app have been advised to update their software immediately.
The maintenance app is run by British company Piriform, a subsidiary of Avast, one of the world’s biggest anti-virus companies.
“We would like to apologize for a security incident that we have recently found in CCleaner version 5.33.6162 and CCleaner Cloud version 1.07.3191,” Paul Yung of Piriform said in a statement.
“We also immediately contacted law enforcement units and worked with them on resolving the issue.”
The company added that the rogue server is down and other potential servers are out of the control of the attacker.
“Supply chain attacks are a very effective way to distribute malicious software into target organizations,” Cisco’s threat intelligence group, Talos, explained in a blog about the hack.
“This is because with supply chain attacks, the attackers are relying on the trust relationship between a manufacturer or supplier and a customer.
“This trust relationship is then abused to attack organizations and individuals and may be performed for a number of different reasons.”
Talos notes that the sophisticated attack could be severe because of the “extremely high number” of systems possibly affected.
In November last year the CCleaner app was downloaded more than 2 billion times, according to the company, and is installed by desktop users at a rate of 5 million a week.
Read more from RT here