Warning: CCleaner Was Compromised to Distribute Malware for Almost a Month
Between August 15th and September 12th, 2017, version 5.33 of CCleaner was modified to include the Floxif malware, according to reports published by Morphisec and Cisco Talos.
What is Floxif? It’s a malware downloader that collects data about infected systems and sends the information back to its C&C server. The malware also had the ability to download and run other binary code. However, there isn’t any confirmation that Floxif installed any second-stage payloads on infected computers.
The information collected during this time was the computer name, a list of installed programs, a list of running background processes, MAC addresses for the first three network interfaces, and unique IDs to identify each computer. The malware only ran on 32-bit systems, not 64-bit. The malware also stopped executing if the user was not using an administrator account.
Clean CCleaner versions released
On September 13th, version 5.34, which doesn’t contain the malicious code, was released and pushed to CCleaner Cloud users. Updating to version 5.34 removes the malware. Everyone who has CCleaner installed on their computer should check whether updates are available and install them as soon as possible. You can do this by opening the program and clicking “Check for updates” in the bottom right corner of the program.