Avast acquired Piriform, the maker of CCleaner, on July 18, 2017 because Piriform has a great product, and wonderful supporters and users. But before we completed the acquisition, the bad actors were likely already in the process of hacking into the Piriform systems. The compromise may have started on July 3rd. Avast first learned about the possible malware on September 12, 8:35 AM PT from a company called Morphisec which notified us about their initial findings. The fact that it didnt cause harm to users is a very good outcome.”]
Source: https://blog.avast.com/update-to-the-ccleaner-5.33.6162-security-incident