
CCleaner: Hackers break into Avast Antivirus through an unsafe VPN


Hackers penetrated the internal network of Avast, a Czech cybersecurity company, intending a supply chain attack targeting CCleaner. The intrusion was discovered on September 25. The break-in attempts began on May 14.

After an investigation, the antivirus maker found that the attacker had gained access by using compromised credentials for a temporary VPN account.

Avast Chief Information Security Officer (CISO) Jaya Baloo said that, based on the report assembled so far, the attack seems to be “a remarkably complex attempt.” Avast refers to this attempt by the name ‘Abiss’. Baloo also said that the threat actor behind it took the utmost caution to evade detection and to mask the traces of their intent.

Records of the questionable activity show entries on May 14 and 15, on July 24, on September 11, and on October 4.


The intruder connected from a public IP address in the U.K. and then used a temporary VPN account. The account was not protected with two-factor authentication (2FA).

Jaya Baloo reported “a malicious replication of directory services from an internal IP that belonged to our VPN address range.”
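The signal Baloo describes, directory replication requested from an address inside the VPN range, can be written as a detection rule: replication should only ever originate from domain controllers. The following is an added example, not Avast's code and not part of the original article; the address ranges, the record schema and its field names are assumptions, and the sample events are constructed.

```python
import ipaddress

# Assumed addressing for illustration only (not Avast's real network).
VPN_POOL = ipaddress.ip_network("10.8.0.0/16")
DOMAIN_CONTROLLERS = {ipaddress.ip_address("10.1.0.10"),
                      ipaddress.ip_address("10.1.0.11")}

# Constructed sample records in a hypothetical normalized schema: who asked a
# directory server for an operation, from where, and whether the VPN session
# carrying the request had passed 2FA (None = not a VPN session).
EVENTS = [
    {"ts": "2000-01-01T09:00:00Z", "src_ip": "10.1.0.11", "account": "DC02$",
     "op": "directory_replication", "mfa": None},
    {"ts": "2000-01-01T09:05:00Z", "src_ip": "10.8.3.27", "account": "tmp-vpn-user",
     "op": "directory_replication", "mfa": False},
    {"ts": "2000-01-01T09:06:00Z", "src_ip": "10.20.5.9", "account": "ws-user",
     "op": "directory_replication", "mfa": None},
    {"ts": "2000-01-01T09:07:00Z", "src_ip": "10.8.3.27", "account": "tmp-vpn-user",
     "op": "file_read", "mfa": False},
]

def classify(event, vpn_pool=VPN_POOL, dcs=DOMAIN_CONTROLLERS):
    """Return (severity, reason) for a replication request, or None if expected."""
    if event["op"] != "directory_replication":
        return None
    try:
        src = ipaddress.ip_address(event["src_ip"])
    except ValueError:
        # A record we cannot attribute must not be silently dropped.
        return ("high", "replication request with unparseable source address")
    if src in dcs:
        return None  # DC-to-DC replication is the normal case
    if src in vpn_pool:
        reason = "replication requested from the VPN address range"
        if event.get("mfa") is False:
            reason += " over a session without 2FA"
        return ("critical", reason)
    return ("high", "replication requested by a host that is not a domain controller")

def triage(events):
    """Collect alerts for every replication request that is not DC-to-DC."""
    alerts = []
    for ev in events:
        verdict = classify(ev)
        if verdict:
            alerts.append({"ts": ev["ts"], "account": ev["account"],
                           "src_ip": ev["src_ip"],
                           "severity": verdict[0], "reason": verdict[1]})
    return alerts

if __name__ == "__main__":
    for alert in triage(EVENTS):
        print(alert)
```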

CCleaner Updates

Suspecting that CCleaner was the target, Avast stopped upcoming updates for the software on September 25 and started to review earlier versions for malicious modification.

To guarantee that no danger reached its users, the company re-signed an official CCleaner version and pushed it out as an automatic update on October 15.

The company tracked the intruder by keeping the VPN profile active, and it continued to observe the access running through it until mitigation steps could be deployed. Law enforcement has been informed of the intrusion, and an external forensics team aided Avast's efforts to validate the obtained data.

Avast will continue to evaluate and monitor its networks for better detection and swifter response in the future.

Some information, such as the IP addresses that were used for the intrusion, has been shared with law enforcement, and the cybersecurity community was also kept informed.


David Peterson, the CCleaner General Manager, explained in a blog post today the reason for automatically updating all CCleaner installations from 5.57 to the newest version: it was a preventative measure to guarantee that all users run a genuine release.

“We took these moves preventatively as our research is ongoing, but we wanted to cancel the risk of fraudulent software delivery to our users. After we had the observation that the attempts to infiltrate our systems started in May 2019, we swiftly moved to automatically update users. Their users were updated on builds released after this time to guarantee their safety.”


Abraham Faisal
Abraham Faisal is a professional content writer. He has a strong passion for online privacy, cybersecurity and blockchain and is an advocate for online privacy. He has been writing about these topics since 2018 and is a regular contributor to a number of publications. He has a degree in Computer Science and has in-depth knowledge of the ever-evolving world of digital security. In his free time, he likes to travel and explore new cultures.
