THE WARNINGS CONSUMERS hear from information security pros tend to focus on trust: Don’t click web links or attachments from an untrusted sender. Only install applications from a trusted source or from a trusted app store. But lately, devious hackers have been targeting their attacks further up the software supply chain, sneaking malware into downloads from even trusted vendors, long before you ever click to install.

On Monday, Cisco’s Talos security research division revealedthat hackers sabotaged the ultra-popular, free computer-cleanup tool CCleaner for at least the last month, inserting a backdoor into updates to the application that landed in millions of personal computers. That attack betrayed basic consumer trust in CCleaner-developer Avast, and software firms more broadly, by lacing a legitimate program with malware—one distributed by a security company, no less.

It’s also an increasingly common incident. Three times in the last three months, hackers have exploited the digital supply chain to plant tainted code that hides in software companies’ own systems of installation and updates, hijacking those trusted channels to stealthily spread their malicious code.

“There’s a concerning trend in these supply-chain attacks,” says Craig Williams, the head of Cisco’s Talos team. “Attackers are realizing that if they find these soft targets, companies without a lot of security practices, they can hijack that customer base and use it as their own malware install base…And the more we see it, the more attackers will be attracted to it.”

According to Avast, the tainted version of the CCleaner app had been installed 2.27 million times from when the software was first sabotaged in August until last week, when a beta version of a Cisco network monitoring tool discovered the rogue app acting suspiciously on a customer’s network. (Israeli security firm Morphisec alerted Avast to the problem even earlier, in mid-August.) Avast cryptographically signs installations and updates for CCleaner, so that no imposter can spoof its downloads without possessing an unforgeable cryptographic key. But the hackers had apparently infiltrated Avast’s software development or distribution process before that signature occurred, so that the antivirus firm was essentially putting its stamp of approval on malware, and pushing it out to consumers.

That attack comes two months after hackers used a similar supply-chain vulnerability to deliver a massively damaging outbreak of destructive software known as NotPetya to hundreds of targets focused in Ukraine, but also branching out other European countries and the US. That software, which posed as ransomware but is widely believed to have in fact been a data-wiping disruption tool, commandeered the update mechanism of an obscure—but popular in Ukraine—piece of accounting software known as MeDoc. Using that update mechanism as an infection point and then spreading through corporate networks, NotPetya paralyzed operations at hundreds of companies, from Ukrainian banks and power plants, to Danish shipping conglomerate Maersk, to US pharmaceutical giant Merck.

One month later, researchers at Russian security firm Kaspersky discovered another supply chain attack they called “Shadowpad”: Hackers had smuggled a backdoor capable of downloading malware into hundreds of banks, energy, and drug companies via corrupted software distributed by the South Korea-based firm Netsarang, which sells enterprise and network management tools. “ShadowPad is an example of how dangerous and wide-scale a successful supply-chain attack can be,” Kaspersky analyst Igor Soumenkov wrote at the time. “Given the opportunities for reach and data collection it gives to the attackers, most likely it will be reproduced again and again with some other widely used software component.” (Kaspersky itself is dealing with its own software trust problem: The Department of Homeland Security has banned its use in US government agencies, and retail giant Best Buy has pulled its software from shelves, due to suspicions that it too could be abused by Kaspersky’s suspected associates in the Russian government.)

Supply-chain attacks have intermittently surfaced for years. But the summer’s repeated incidents point to an uptick, says Jake Williams, a researcher and consultant at security firm Rendition Infosec. “We have a reliance on open-source or widely distributed software where the distribution points are themselves vulnerable,” says Williams. “That’s becoming the new low-hanging fruit.”

Williams argues that move up the supply chain may be in part due to improved security for consumers, and companies cutting off some other easy routes to infection. Firewalls are near-univeral, finding hackable vulnerabilities in applications like Microsoft Office or PDF readers isn’t as easy as it used to be, and companies are increasingly—though not always—installing security patches in a timely manner. “People are getting better about general security,” Williams says. “But these software supply-chain attacks break all the models. They pass antivirus and basic security checks. And sometimes patching is the attack vector.”

In some recent cases, hackers have moved yet another link up the chain, attacking not just software companies instead of consumers, but the development tools used by those companies’ programmers. In late 2015, hackers distributed a fake version of the Apple developer tool Xcode on sites frequented by Chinese developers. Those tools injected malicious code known as XcodeGhost into 39 iOS apps, many of which passed Apple’s App Store review, resulting in the largest-ever outbreak of iOS malware. And just last week, a similar—but less serious—problem hit Python developers, when the Slovakian government warned that a Python code repository known as Python Package Index, or PyPI, had been loaded with malicious code.

These kinds of supply-chain attacks are especially insidious because they violate every basic mantra of computer security for consumers, says Cisco’s Craig Williams, potentially leaving those who stick to known, trusted sources of software just as vulnerable as those who click and install more promiscuously. That goes double when the proximate source of malware is a security company like Avast. “People trust companies, and when they’re compromised like this it really breaks that trust,” says Williams. “It punishes good behavior.”

These attacks leave consumers, Williams says, with few options to protect themselves. At best, you can try to vaguely suss out the internal security practices of the companies whose software you use, or read up on different applications to determine if they’re created with security practices that would prevent them from being corrupted.

But for the average internet user, that information is hardly accessible or transparent. Ultimately, the responsibility for protecting those users from the growing rash of supply-chain attacks will have to move up the supply chain, too—to the companies whose own vulnerabilities have been passed down to their trusting customers.