In a blog post, Avast points out that its in-house software CCleaner is currently being misused in fake campaigns. At FakeCrack, attackers allegedly offer cracked versions of popular software. In these cases, cracked means that it is suggested to users that they can get the paid software for free.
CCleaner Professional is also abused for this type of attack. A simple Google search for cracked versions leads to dubious download distribution websites. Instead of the free software, however, there is malware on the system.
Attackers take over PC
When clicking on the download button, users are usually smuggled through various websites, some of which only exist for a very short time. Various redirects later, an encrypted zip file actually ends up on the local system, which affects around 10,000 users per day.
Usually there is only one EXE file in the ZIP file, but that is enough to infect the system with malware. A stealer becomes active, scanning the system for as much usable information as possible, such as passwords or credit card data, data from crypto wallets, but also information about the system, such as installed programs, screenshots or surfing data.
Some of the malware variants found go even further and read the clipboard at regular intervals or install a proxy in order to divert data from crypto exchanges in a targeted manner. The bottom line is that an infection means that the attackers have complete control over the foreign PC.
Safely load CCleaner
Lesson learned: Don’t fall for the age-old free scam, stay away from cracked software. It’s no secret that Windows, Microsoft Office or even CCleaner Pro cost money. If you want to save, pay attention to discounts that are available regularly or use alternatives from the open source area.
The safe way to clean software is via the manufacturer’s website or via trustworthy third-party providers such as CHIP. Here the offered software is tested and you can be sure that you get the original.