Warning CCleaner Was Compromised to Distribute Malware for Almost a Month

September 20, 2017 6:18 pm Published by Leave your thoughts

Warning CCleaner Was Compromised to Distribute Malware for Almost a Month

Between August 15th and September 12th, 2017 Version 5.33 of the CCleaner was modified to include the Floxif malware, according to reports published by MorphiSec and Cisco Talos.

What is Floxif? It’s a malware downloader that collects data about corrupted systems and sends the information back to its C&C server. The malware also had the ability to download and run other binary code, However, there isn’t any confirmation that Floxif installed any other second-stage payloads on infected computers.

The information that was collected during this time was the computer name, a list of installed programs, a list of running background processes, MAC addresses for the first three network interfaces, and unique IDs to identify each computer. The malware only ran on 32-bit systems, not 64-bit. The malware also stopped the implementation if the user was not using an administrator account.

Clean CCleaner versions released

On September 13th, version 5.34 was released and pushed to CCleaner Cloud users that didn’t contain the malicious code.  Updating to the recent version 5.34 does removes the malware.  Everyone that has CCleaner installed on their computer should check to see if updates are available and install them as soon as possible. You can do this by opening the program and click “check for updates in the bottom right corner of the program.


You can find more information about the Floxif malware process at Cisco Talos report here, and at MorphiSec report here.

And as always if you have any concerns about your computer being infected please don’t hesitate to call Megabite. 



Until Next Time, Stay Safe


Categorised in:

This post was written by Karen

Leave a Reply

Contact Us

  • 816 Sadler Road, Fernandina Beach, FL 32034
  • 904-430-0350
  • top icon