Hackers slipped a malicious programme into British company Piriform’s free computer performance software, CCleaner, last month, potentially allowing them to control the devices of more than 20 lakh users, the firm said on Monday.
CCleaner – used to optimise computer performance – is downloaded for personal computers and Android phones as often as five million times a week. It cleans up junk files and advertising cookies to speed up devices.
Security researchers at Cisco’s Talos unit said a version of CCleaner released in August included remote administration tools that tried to connect to unregistered web pages to download unauthorised programmes. “There is nothing a user could have noticed,” Reuters quoted Talos researcher Craig Williams as saying.
In a blog post, Piriform confirmed that two programmes released in August were compromised and advised users of CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 to download new versions.
Piriform said it had worked with law enforcement in the United States to shut down a server located there, to which traffic was set to be directed. It said the server was closed on September 15 “before any known harm was done”.