Internal network of Czech antivirus company Avast has been breached in a supposed attack on their utility CCleaner. According to Avast the intrusion attempts started on May 14 and has been detected on September 25. The attacker gained access and escalated his privileges inside network using compromised credentials and a temporary, no longer active and insufficiently protected VPN account.
This breach has been the reason for Avast's move to stop upcoming CCleaner releases and check prior releases to verify that no malicious changes had been made. Avast also disabled and reset all internal user credentials, as well as, pushed automatic update on October 15 - to ensure all versions 5.57 through 5.62 were genuine and free of malware.