Poisoned CCleaner search results spread information-stealing malware

[maia]

Malware that steals your passwords, credit cards, and crypto wallets is being promoted through search results for a pirated copy of the CCleaner Pro Windows optimization program.

This new malware distribution campaign is dubbed “FakeCrack,” and was discovered by analysts at Avast, who report detecting an average of 10,000 infection attempts every day from its customer telemetry data. Most of these victims are based in France, Brazil, Indonesia, and India.

The malware distributed in this campaign is a powerful information stealer that can harvest personal data and cryptocurrency assets and route internet traffic through data-snatching proxies.
 

A Black Hat SEO campaign

The threat actors follow Black Hat SEO techniques to rank their malware-distribution websites high in Google Search results so that more people will be tricked into downloading laced executables.
The lure seen by Avast is a cracked version of CCleaner Professional, a popular Windows system cleaner and performance optimizer that is still considered a “must-have” utility by many users

 

Source:

 

https://www.bleepingcomputer.com/news/security/poisoned-ccleaner-search-results-spread-information-stealing-malware/

[Israeli_Eagle]

Smarter people simply only accept original installers. 

And use a good AV anyway...

 

Edited June 8, 2022 by Israeli_Eagle

[andy2004]

Smarter people dont use bloated software.. to remove rubbish from their computers in the first place..

CCleaner before it was SOLD to the other company was once good.. when it was a fair size for what it did..

now its 10x bigger.. does the same job as it used to.. with a few extra deletions.. takes longer to load, compared to its old self..

I did a comparison between a few "cleaners"..

I removed CCleaner which was ott.. at 60mb+ and replaced with a smaller 2mb app which does the same thing and uses the same winapp.ini that ccleaner used, to remove more rubbish.

and what with the a not so long original installer. actually containing spyware itself.. or should that be installed a certain .dll file which spied on the end user.

when i hear people talking about it.. i think i as it removes c*&p i wonder if it uninstalls itself at the end.

[pc71520]

8 hours ago, andy2004 said:

I removed CCleaner which was ott.. at 60mb+ and replaced with a smaller 2mb app

which does the same thing and uses the same winapp.ini that ccleaner used, to remove more rubbish.

Are you referring to BleachBit? 

[andy2004]

actually i had a few in mind when writing that.

 

BleachBit  12.29mb zip file. extracts to 20mb

CleanMgr+ under 1mb zip..

Kcleaner   3mb

[gandalf44]

I still use CCleaner because it has the ability to clear cookies but to retain a list of cookies that I have selected.  Every other cleaner that I have looked at simply clears all cookies.

[JimmyQ]

I still use ccleaner as well but I also add the following block list to my HOSTS file to block Avast, AVG, Piriform, and CCleaner domains. It's a very extensive list.

https://github.com/durablenapkin/block

Edited June 9, 2022 by JimmyQ

[andy2004]

36 minutes ago, gandalf44 said:

I still use CCleaner because it has the ability to clear cookies but to retain a list of cookies that I have selected.  Every other cleaner that I have looked at simply clears all cookies.

privazer allows you to choose which to keep,

[DLord]

On 6/9/2022 at 5:16 PM, JimmyQ said:

I still use ccleaner as well but I also add the following block list to my HOSTS file to block Avast, AVG, Piriform, and CCleaner domains. It's a very extensive list.

https://github.com/durablenapkin/block

You could simply block the related files (CCleaner, CCleaner64, CCUpdate) from accessing all hosts.  It's much simpler and shorter approach.

[UberGeek]

On 6/9/2022 at 6:16 PM, JimmyQ said:

I still use ccleaner as well but I also add the following block list to my HOSTS file to block Avast, AVG, Piriform, and CCleaner domains. It's a very extensive list.

https://github.com/durablenapkin/block

The Hosts file cannot possibly block IPs . . . can it?

[JimmyQ]

1 hour ago, UberGeek said:

The Hosts file cannot possibly block IPs . . . can it?

Here's the list: https://raw.githubusercontent.com/durablenapkin/block/master/avast.txt I also use a givaway version of Avast VPN, which I got from this site which I would most certainly never buy. This is another reason why I use the blocklist. @DLord Yes, I block the related files CCleaner, CCleaner64, CCUpdate also. Call it overkill? Maybe, but I feel comfortable blocking as much as I can, especially with Avast products trying to call home every 2 minutes.

Edited June 11, 2022 by JimmyQ

[Whi5t1eR]

On 6/11/2022 at 1:56 PM, JimmyQ said:

Here's the list: https://raw.githubusercontent.com/durablenapkin/block/master/avast.txt I also use a givaway version of Avast VPN, which I got from this site which I would most certainly never buy. This is another reason why I use the blocklist. @DLord Yes, I block the related files CCleaner, CCleaner64, CCUpdate also. Call it overkill? Maybe, but I feel comfortable blocking as much as I can, especially with Avast products trying to call home every 2 minutes.

 

It's like one of 'ya freakin kids that won't leave you alone.