Avast's CCleaner Free Windows Application Infected With Malware (bleepingcomputer.com)
Reader Tinfoil writes: Cisco Talos announces that malware cleaning app, CCleaner, has been infected with malware for the past month. Version 5.33 of the CCleaner app offered for download between August 15 and September 12 was modified to include the Floxif malware, according to a report published by Cisco Talos a few minutes ago. Cisco Talos believes that a threat actor might have compromised Avast's supply chain and used its digital certificate to replace the legitimate CCleaner v5.33 app on its website with one that also contained the Floxif trojan. The company said more than 2.27 million had downloaded the compromised version of CCleaner.
CCleaner wasn't malware all along? (Score:2, Insightful)
CCleaner wasn't malware all along?
It certainly seemed that way given how they advertised.
It seems that most anti-virus programs slow your machine down more than the malware that they purport to protect you from - and they're as damaging to your privacy too.
I'm not at all clear on what value they bring to the table.
Re: (Score:2)
Of course I could have easily confused them with some other anti-malware vendor when it comes to their advertising -- many of them seem to be pretty scummy - just skimming the border of drive-by installs, piggybacking on other installs (looking at *you* Adobe) etc.
Re: (Score:3, Insightful)
It's not an anti-malware program.
It's an optimizer.
Re: (Score:2)
Norton should sue for patent infringement.
.. And the malware is (Score:3)
... AVAST AntiVirus! Who would have guessed that a great tool like CCleaner would be messed up by Avast in no time at all.
Never had a problem until (Score:5, Informative)
Re: (Score:2, Insightful)
I felt the same way when I heard about Avast acquiring CCleaner. I refused to upgrade until I could find some reviews that said Avast hadn't ruined it with bloat like their anti-virus, and damn I'm glad I waited.
Why payload is so gimped? (Score:3)
Someone capable of poisoning signed downloads (high complexity) should be able to select functional payload (low complexity). I don't see any alternative explanation to "ran on 32-bit systems" limitation other than incompetence. This doesn't add up.
Re: (Score:3)
It's almost like it was meant to inspect corporate or government computers where lazy IT admins might not have migrated 64-bit-capable workstations to 64-bit OSes because they've been maintaining a 32-bit OS/image for years, and to then allow that information to be inspected to determine which computers to attempt to infect with other payloads.
Anyone know if the malware is detectable / fixable (Score:1)
As a regular and longtime user/installer of CCleaner, including version 5.33, it's possible that I may be infected. I've not seen any symptoms nor has Malware Bytes/Comodo detected anything, but....
Can any of the current tools check if any of my PCs are/may be infected?
Re: (Score:3)
Sure. CCleaner version 5.34. Available from downloads.ru today!
"Malware cleaning app" (Score:4, Insightful)
Cisco Talos announces that malware cleaning app...
Except it wasn't a malware cleaning app. Just a cleaning app. Maybe it happened to clean malware that got caught in the recycle bin, but that's about the extent of it. Of course, it ended up being a malware-infected cleaning app. Maybe that's what the OP meant??
Can it clean its own malware though? (Score:2)
Re: (Score:2)
Damn ... (Score:2)
... First, Web of Trust and now this.
Where's the MD5/SHA1 for the infected files? (Score:2)