CCleaner, a common and well-respected cleanup program, recently released version 5.33. Developed by Avast, CCleaner is available in both free and paid versions, both of which clean up a computer to a high standard. The paid version of CCleaner also updates itself automatically.
Version 5.33 of CCleaner, available for download between August 15th and September 12th, included the latest improvements to the program. However, it also shipped with a hidden piece of malware called Floxif. Cisco reports that Floxif gathers information from an infected machine and sends it back to a designated server. This data includes the computer name, software lists, running processes, stored MAC addresses and unique IDs of the computer's physical parts. Cisco researchers also noted that Floxif only ran on 32-bit versions of CCleaner, and quit if the user running CCleaner was not an admin.
Cisco researchers believe CCleaner's distribution was compromised in the Avast supply chain earlier this year, with the legitimate CCleaner v5.33 app on the website replaced by one that contained Floxif hidden in the executable.
At this time, it is unclear if Avast was initially aware of the breach, or if the malware was introduced by a company insider.
Nonetheless, Entegraty advises either uninstalling CCleaner or updating to the latest version, v5.35. Either of these procedures will remove the Floxif malware if it is present. At this time, there is nothing to suggest a further attack of this kind. Entegraty would like to remind users to remain vigilant and cautious when installing any software they are not familiar with.