CCleaner hacked by malware creators
Everyone knows what to expect from pirated software or malicious pop-ups. It is far worse when the threat lies where you expect it least – in a seemingly trustworthy application from a reputable company.
Unfortunately, this kind of attack is not as rare as you might wish. Recently, Cisco's Talos security team discovered that CCleaner was carrying malware. The affected version is CCleaner 5.33; a new version, CCleaner 5.34, has already been released. It fixes the problem and is safe to use.
CCleaner is a PC performance tool created by Piriform, which is now owned by Avast. It is meant to help users clean their PC, protect their privacy, recover files, and so on. The malicious attack, however, has shaken things up a little.
The Floxif infection
The software was infected with malware called Floxif sometime between August 15 and September 12. It is estimated that about 2.27 million people were infected worldwide. It was also found that the malicious code only worked on 32-bit systems.
So, what actually happened? The malware turns out to be a Trojan that gathers technical information about the user, including:
- IP address
- computer technical details
- programs installed on the device
- active programs
- network adapters
All this information is regarded as non-sensitive, meaning that it contains no private details about the user.
The gathered information was then sent to a server run by the malware developers at the IP address 126.96.36.199. On the infected computer, the malware also replaced the CBkdr.dll file with its own malicious version.
It is quite fortunate that Floxif was stopped in time, so the attack was not as bad as it could have been; it could have carried out far worse actions.
What is interesting is that Floxif went unnoticed for so long. That is because the malware used an intricate method of hiding from detection, even from anti-malware products that have a sandbox feature. It turns out that there was a 601-second pause between the download of Floxif and its execution, and that was enough time to trick any security tool.
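To make the sandbox point concrete, here is an added simulation (not code from CCleaner, Piriform, Avast or Talos) of why a long idle period outlasts a time-boxed analysis, and why sandboxes that fast-forward sleeps still see the behaviour. The 300-second analysis budget and the "beacon" stand-in action are assumptions for the demo; the clock is simulated so nothing actually waits.

```python
"""Simulated sandbox runs of a sample that idles 601 seconds before acting.
Added illustration only; the 'sample' is a harmless stand-in that records a string."""

DELAY_SECONDS = 601            # the pause reported for Floxif
SANDBOX_BUDGET_SECONDS = 300   # assumed (hypothetical) analysis window of a sandbox


class AnalysisTimeout(Exception):
    """Raised when the sandbox's wall-clock budget is exhausted."""


class GuestClock:
    """Clock as seen by the sample; advanced by sleep calls, never by real time."""
    def __init__(self):
        self.now = 0.0


def delayed_sample(clock, sleep_fn, log):
    """Stand-in for a sample that waits in one-second steps, then does something observable."""
    start = clock.now
    while clock.now - start < DELAY_SECONDS:
        sleep_fn(1)
    log.append("beacon")       # first observable action; in the real case, network traffic


def run_in_sandbox(budget=SANDBOX_BUDGET_SECONDS, accelerate=False):
    """Run the sample under a wall-clock budget.

    accelerate=False: every sleep burns real analysis time (naive sandbox).
    accelerate=True : sleeps return immediately but the guest clock still
                      advances (sleep acceleration), so the delay is skipped.
    Returns what the sandbox observed and whether it timed out."""
    clock = GuestClock()
    wall = [0.0]               # analysis wall-clock seconds consumed
    log = []

    def sleep_fn(seconds):
        if not accelerate:
            wall[0] += seconds # a real wait costs the analyst real time
        clock.now += seconds   # the guest sees time pass either way
        if wall[0] > budget:
            raise AnalysisTimeout

    try:
        delayed_sample(clock, sleep_fn, log)
        timed_out = False
    except AnalysisTimeout:
        timed_out = True
    return {"observed": log, "wall_seconds": wall[0], "timed_out": timed_out}
```

With the naive sandbox the run is cut off after 300 seconds with nothing observed; with sleep acceleration the beacon shows up at zero wall-clock cost.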
Fortunately, Floxif has now been dealt with: an update was released on September 13. Users are encouraged to download the newest version to replace the infected one.
A new way to spread malware
The Floxif infection is an example of a new wave of attacks that exploit weaknesses in official software, not just in users' computers. Because of this, developers must be much more careful about checking their software for possible infections before releasing updates.
Even though this CCleaner update contained malware, it is still recommended to update your applications as soon as possible. Software that is not updated has security holes, and it is far more common to get infected through old versions than through new ones.
A good anti-malware tool should also help a lot, and you have to enable automatic updates so that the program is always at its best.