Senior officials from Czech cyber security company Avast claim that the number of users affected by malware spread through CCleaner, a popular application that allows Windows users to perform routine maintenance on their systems, is now down to 730,000.
Avast chief executive Vince Steckler and chief technology officer Ondřej Vlček said in a blog post that updates had been pushed to as many as possible of the 2.27 million users who were initially estimated to be affected.
Researchers from Cisco's Talos Intelligence Group revealed the infiltration, having learned of it from security firm Morphisec.
CCleaner is a product of Piriform, a company that was recently acquired by Avast.
Steckler and Vlček confirmed that the affected version of CCleaner had been released on 15 August, as reported by Cisco's Talos Intelligence Group.
This is largest supply chain hack ever - 2.27m installs - against an infosec product with an infosec vendor. Little press coverage, buried.
— Kevin Beaumont (@GossiTheDog) September 18, 2017
They said the company had first learned of the malware infection on 12 September when Morphisec made contact.
"We thank Morphisec and we owe a special debt to their clever people who identified the threat and allowed us to go about the business of mitigating it," they said.
"Following the receipt of this notification, we launched an investigation immediately, and by the time the Cisco message was received (14 September, 7:25AM PT), we had already thoroughly analysed the threat, assessed its risk level and in parallel worked with law enforcement in the US to properly investigate the root cause of the issue."
The command-and-control server that the malware was contacting was taken down on 15 September.
"Customers are advised to update to the latest version of CCleaner, which will remove the backdoor code from their systems. As of now, CCleaner 5.33 users are receiving a notification advising them to perform the update," Steckler and Vlček said.
Graphic: courtesy Piriform