Cyber criminals injected malicious code into CCleaner v5.33: 2.27 million users might be infected
More than two million computer users might be infected with the dangerous Floxif virus after installing the CCleaner program. Criminals managed to inject malicious code into the program’s main executable. Developers Avast and Piriform did not notice the problem for almost a month.
Criminals hacked version 5.33 of the program, which had been available on the Avast website since the 15th of August. Since the 12th of September, this version is no longer available for download. However, the latest information suggests that the cyber criminals did not stop.
While the first wave of the Floxif attack was aimed at home computer users who downloaded CCleaner individually, the second one seems to target big companies. About 20 corporations, including Microsoft, Samsung, Sony, Cisco, and HTC, have suffered from the trojan.
Malware aims to steal users’ personal information
Floxif malware was injected into CCleaner.exe, the program’s main executable. The corrupted program was available on the Avast and Piriform websites from August 15 to September 12. Security experts then detected the malware and removed the infected version of the software.
However, security experts warn that the malicious 5.33 version might still be available on third-party download sites. Thus, users should download CCleaner only from the official publisher’s website.
The main facts about the CCleaner 5.33 virus:
- the Trojan is executed on 32-bit Windows operating systems only;
- it operates as a backdoor trojan;
- it might install other malicious programs if it receives such a command from its remote C&C server;
- malware might collect technical information about the device, such as its name, unique ID number, installed programs, running processes, and MAC addresses of the network adapters;
- it might track sensitive information, such as login credentials or credit card information.
As soon as users download a malicious version of the program, the Trojan installs its components into various computer directories. It also modifies existing Windows Registry entries and creates new ones. Malware might also delete important system files. Thus, its removal is crucial.
Update to version 5.44 and restore the computer
Users who installed CCleaner between August 15 and September 12 may have become victims of the Floxif virus. Thus, they have to download version 5.44 (or newer) of the program from the official website.
Furthermore, it’s recommended to restore the computer to a date before the attack. Scanning the system with antivirus is also advised. It helps to make sure that no malicious components were installed on the device.
Finally, users should change the passwords for their email, Facebook and other social network accounts, online banking and other accounts. The Trojan may have stolen and stored sensitive data that might be used for emptying your bank account or committing other cyber crimes.