Read: https://www.virusbulletin.com/blog/2017/10/avast-present-technical-details-ccleaner-hack-vb2017/
and
https://threatpost.com/inside-the-ccleaner-backdoor-attack/128283/

At first it was mentioned the hack stemmed from the beginning of July, that now has been set to April 2017.
see: https://twitter.com/josephfcox/status/915835790931918848

polonus

Thnx Damian

Bracek said that this demonstrates the risk of whitelisting signed apps such as CCleaner, in particular if a supply chain attack is involved.

https://threatpost.com/inside-the-ccleaner-backdoor-attack/128283/

Greetz, Red.