Sept. 18 (UPI) -- Hackers have successfully hidden a multistage malware in the anti-virus app CCleaner, which has infected 2.27M users, cybersecurity experts said Monday.
According to an analysis by threat intelligence firm Cisco Talos, the servers used by Avast, the company that owns CCleaners, were comprised to distribute the malware.
"For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner," Cisco Talos said in a statement.
CCleaner, dubbed the "crap cleaner", had over 2 billion downloads by late last year and gains about 5 million users each week, making it a popular target for hackers.
Cisco Talos immediately notified Avast of the security breach, due to the damage potential.
"If even a small fraction of those systems were compromised, an attacker could use them for any number of malicious purposes," Cisco Talos said.
The firm noted that the malware distribution is a "prime example of how far hackers are willing to go" to distribute malware into various devices, benefiting from a user's trust in files and web servers used to deliver software updates.
The server was shut down in mid-September before any known harm was done, and a spokeswoman for Avast said the users are now safe.