CCleaner v5.33 Hacked to Distribute Malware

Version 5.33.6162 of the CCleaner available for download between August 15 and September 12 has been modified to include the Floxif malware, according reports published by MorphiSec and Cisco Talos.

Floxif is a malware downloader that gathers information about infected systems and sends it back to its C&C server. The malware also had the ability to download and run other binaries, but at the time of writing, there is no evidence that Floxif downloaded additional second-stage payloads on infected hosts.

The malware collected information such as computer name, a list of installed software, a list of running processes, MAC addresses for the first three network interfaces, and unique IDs to identify each computer in part. Researchers noted that the malware only ran on 32-bit systems. The malware also quit execution if the user was not using an administrator account.

Piriform acknowledged the incident in a blog post and said they found the malware in CCleaner version 5.33.6162 and CCleaner Cloud version 1.07.3191.

On September 13, Piriform released CCleaner 5.34 and pushed an update (v1.07.3214) to CCleaner Cloudusers that do not contain the malicious code.

So if you are running version 5.33 then do make sure you update straight away!

Leave a Reply