Hackers backdoored the popular CCleaner Windows utility. For nearly a month, two malware-tainted versions collected computer names, IP addresses, lists of installed and active software, as well as lists of network adapters before sending the data to the attacker’s server.

Cisco Talos, which discovered the malware on Sept. 13 while a customer was beta testing new exploit detection technology, warned that the tainted versions of CCleaner were being distributed for nearly a month. CCleaner 5.33 was released on Aug. 15, and a newer version without compromised code wasn’t released until Sept. 12. A cloud version released in August was similarly infected.

The backdoored version was even signed using a valid certificate issued to Piriform, which was acquired by antivirus firm Avast in July.

Cisco Talos researchers said, “It is likely that an external attacker compromised a portion of their development or build environment and leveraged that access to insert malware into the CCleaner build that was released and hosted by the organization. It is also possible that an insider with access to either the development or build environments within the organization intentionally included the malicious code or could have had an account (or similar) compromised which allowed an attacker to include the code.”

Piriform confirmed the attack, saying Avast “determined on the 12th of September that the 32-bit version of our CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 products, which may have been used by up to 3% of our users, had been compromised in a sophisticated manner.” A non-backdoored version of CCleaner was released the same day.

As for the compromised cloud version, CCleaner Cloud v1.07.3191, which was released on Aug. 24, the company released a malware-free version on Sept. 15.

Law enforcement is involved.
Piriform said, “It would have been an impediment to the law enforcement agency’s investigation to have gone public with this before the server was disabled and we completed our initial assessment.”

An estimated 2.27 million systems installed the infected CCleaner

Although Avast doesn’t want users to panic, it admitted to Forbes that an estimated 2.27 million systems installed the backdoored versions.

Piriform previously claimed that there have been 2 billion total CCleaner downloads with an additional 5 million weekly installs. Cisco Talos said, “The impact of this attack could be severe given the extremely high number of systems possibly affected.”

If even a small fraction of those systems were compromised, an attacker could use them for any number of malicious purposes. Affected systems need to be restored to a state before August 15, 2017, or reinstalled. Users should also update to the latest available version of CCleaner to avoid infection. At the time of this writing, that is version 5.34.

The freebie version won’t automatically update to a version without a backdoor. If you installed it, then go grab a clean version of CCleaner now if you intend to keep using the software.

CCleaner has been popular for years, trusted by tech-savvy users. Taking advantage of that trust is partially why this attack is so distressing. That and you don’t expect an antivirus firm to infect you with malware.

Cisco Talos concluded:

“This is a prime example of the extent that attackers are willing to go through in their attempt to distribute malware to organizations and individuals around the world. By exploiting the trust relationship between software vendors and the users of their software, attackers can benefit from users' inherent trust in the files and web servers used to distribute updates.”