CCleaner,Guest Posting a well-known cleaning tool that cleans computers from adware and all sorts of malware and keeps processes optimized, has not been able to escape the onslaught of cybercriminals. All users who downloaded version 5.33 between August 15th and September 12th were at risk of being caught in the Floxif malware attack.
Floxif Virus – A Malware Disguised As Anti-malware
Floxif is a Trojan that becomes regarded https://mobilieiron.com/ to be spread the use of a corrupted model of CCleaner lately. The makers of CCleaner introduced formally that their software has been changed via cybercriminals to install Floxif on the sufferers’ computer systems. One of the motives why the Floxif attack became so effective because the corrupted version of Floxif become being bought with a legitimate digital certificate. Once installed, Floxif was designed to show con artists technical records about the infected computers, consisting of running programs, installed software, the victim’s PC’s IP and name. It does appear that Floxif itself additionally led to other infections at the sufferer’s computers. Essentially, Floxif sends collected statistics to the hacker, which permits them to supply extra Trojan payloads. CCleaner changed into corrupted on August 15, 2017, and it wasn’t mentioned to its customers until September 12, 2017. Because of this, pc users that downloaded CCleaner in that length may have mounted Floxif on their computer systems unknowingly.
What does the Floxif virus do?
Researchers in the field of cybersecurity have discovered that Floxif virus collects data on the victim’s computer. Plus, sends technical parameters to a remote management and control (C & C) server. Researchers from Cisco Talos, who identified the acquired version, also found that the malware creates queries for a specific IP address – 216.126.225.148.
At the beginning, the prepared version did not arouse any suspicions and had a valid digital signature. For this reason, malware was provided as version 5.33 of the program from Piriform (the original creators of the program – currently owned by Avast).
In addition, the infection nested in the program waited 601 seconds before the activity started. This was done in order to avoid the so-called sandboxing. Interestingly, Floxif only ran on systems with administrator rights.