CCleaner by Avast infected with malware

justRich · September 18, 2017

Quote

Users of Avast-owned security application CCleaner for Windows have been advised to update their software immediately, after researchers discovered criminal hackers had installed a backdoor in the tool. The tainted application allows for download of further malware, be it ransomware or keyloggers, with fears millions are affected. According to Avast's own figures, 2.27 million ran the affected software, though the company said users should not panic.

and from Bleeping Computer:

Quote

Version 5.33 of the CCleaner app offered for download between August 15 and September 12 was modified to include the Floxif malware, according to a report published by Cisco Talos a few minutes ago.

Floxif is a malware downloader that gathers information about infected systems and sends it back to its C&C server. The malware also had the ability to download and run other binaries, but at the time of writing, there is no evidence that Floxif downloaded additional second-stage payloads on infected hosts.

The malware collected information such as computer name, a list of installed software, a list of running processes, MAC addresses for the first three network interfaces, and unique IDs to identify each computer in part. Researchers noted that the malware only ran on 32-bit systems. The malware also quit execution if the user was not using an administrator account.

Chalkie · September 18, 2017

Thanks for the info.

As an FYI, while my system is 64-bit I ran Malwarebytes and it did find Floxif in the install file. I upgraded to the newer CCleaner as well.

RV_ · September 19, 2017

Yep,

Same here. I had two of my systems infected by CCleaner with Floxif. Malwarebytes quarantined it and after restarting it deleted them fine. I also ran Norton power eraser and Windows defender and they appear clean. Funny thing is I have two 32 bit Windows 10 systems, the Dell Venue 11 Pro/64GB/2GB/32 bit, and my Voyo Mini PC 64GB/2GB/32 bit. They weren't infected.

Thanks for posting for the others Chalkie.

Pieere · September 19, 2017

Nothing is sacred!!

RV_ · September 19, 2017

Guys,

This only reiterates the fact that the operating systems are so well protected that it is all but impossible to be the one who finds an unpatched vulnerability in Windows, OSX, and Linux. So they have for years found vulnerabilities in the third party software as seen with all the Adobe Reader attacks, the Foxit reader attacks a few months ago, and now CCleaner. Remember it isn't the fault of the OS maker if we load other programs that are infected and override security warnings asking if we really want to make an exception, or exclusion or to load the web page or program anyway overriding the safeguards.

Our Windows 10 tablets are as secure as the desktops and laptops because they are running full Windows 10, not a cell phone app on a tablet. Here are the specs for my Surface Pto 4: https://www.newegg.com/Product/Product.aspx?Item=9SIAENH6A11305&cm_re=surface_pro_4_i7-_-34-735-075-_-Product My tablet specs exceeds 80% of desktops of any brand. I have the back lit Surface 4 Type cover and stylus as well. So I'm selling my Surface 3 Pro without my type cover and stylus as some refurbs directly from Microsoft are purchased in bulk by some resellers like my friend and come with the tablet only.

Apple is quite capable of making their iPhones and iPads compatible enough to run their full OSX on them and get the advantage of only having to harden one OS, like Microsoft does now. I know some iPad and iPhone owners think the Windows tablets are under the same restrictions and limitations theirs have, but that was Microsoft's now abandoned Windows RT, using cell phone chipsets. Now our tablets have x86 chipsets just like the full size computers.

However, regardless of how hardened the OS' for traditional computers are, the cell phone operating systems which includes all Android versions, all iOS versions for iPhones and iPads, are under constant attack and successfully enough of the time to be the new targets of the criminal hackers.

We do have our old Windows Lumia 735s we now use as media players, and can switch back to them fine as they are Verizon phones, albeit a bit slow and lacking in security as the new ones are.

None of that is a slam on anyone's OS maker. And Windows 10 mobile was also not the same as Windows 10 for computers and tablets. And we both were in love with the phone OS 10 mobile evolved to. So I would imagine many of the phone owners would not want them to be the same. All the main computer OS makers can do what Microsoft did as easily as they produce what they do now. And can make the launchers identical to the iPhone and iPad launchers they have now. From 5turned off completely and cold, my Surface Pro 4 boots in 12 seconds including reading my face for security instead of wasting time on a thumbprint or pin entry. You don't realize until you have one of the newer ones with the dedicated infrared camera hardware. See a picture held up has no depth or heat and the security cameras for face recognition have both sensor capabilities I understand.

IN the meantime, if you have any other third party programs like Foxit reader or Adobe programs or others like games and utilities check regularly for updates. I check all mine every month on the day of Windows updates (Second Tuesday of each month so far with a few out of cycle updates as needed for damaging malware zero day attacks.