More than 2 million users in the United States, Russia, and Eastern Europe were susceptible to infection due to the popularity of the software in these countries and localities. Even if only 32-bit systems were affected, it is recommended that all users update the software to the latest edition. Now, the question arises what is Floxif virus and why it is dangerous. So scroll down to know more about this pest.
CCleaner, a well-known cleaning tool that cleans computers from adware and all sorts of malware and keeps processes optimized, has not been able to escape the onslaught of cybercriminals. All users who downloaded version 5.33 between August 15th and September 12th were at risk of being caught in the Floxif malware attack.
Floxif Virus - A Malware Disguised As Anti-malware
Floxif is a Trojan that becomes regarded to be spread the use of a corrupted model of CCleaner lately. The makers of CCleaner introduced formally that their software has been changed via cybercriminals to install Floxif on the sufferers' computer systems. One of the motives why the Floxif attack became so effective because the corrupted version of Floxif become being bought with a legitimate digital certificate. Once installed, Floxif was designed to show con artists technical records about the infected computers, consisting of running programs, installed software, the victim's PC's IP and name. It does appear that Floxif itself additionally led to other infections at the sufferer's computers. Essentially, Floxif sends collected statistics to the hacker, which permits them to supply extra Trojan payloads. CCleaner changed into corrupted on August 15, 2017, and it wasn't mentioned to its customers until September 12, 2017. Because of this, pc users that downloaded CCleaner in that length may have mounted Floxif on their computer systems unknowingly.
What does the Floxif virus do?
Researchers in the field of cybersecurity have discovered that Floxif virus collects data on the victim's computer. Plus, sends technical parameters to a remote management and control (C & C) server. Researchers from Cisco Talos, who identified the acquired version, also found that the malware creates queries for a specific IP address - 216.126.225.148.
At the beginning, the prepared version did not arouse any suspicions and had a valid digital signature. For this reason, malware was provided as version 5.33 of the program from Piriform (the original creators of the program - currently owned by Avast).
In addition, the infection nested in the program waited 601 seconds before the activity started. This was done in order to avoid the so-called sandboxing. Interestingly, Floxif only ran on systems with administrator rights.
After downloading at the start of the update process, this malware looks for the existing CBkdr.dll file with an identical but crafted counterpart. In addition to information tracking and transmission to the server, the infection did not show any other activities.
Cybersecurity experts suspect malware has been able to pass through Avast's anti-malware detection system. Some speculate that the aggressor could have made contact with someone from the company who had access to software development.
Is it safe to download CCleaner now?
Even though the version 5.33 version installers are still present, the malware has been successfully eliminated. Avast had already released version 5.34 on September 13th.
Although ordinary users cannot prevent this invasion given that it presents itself as the legitimate version, they might find this advice sound: