Bitcoin Forum

Other => Beginners & Help => Topic started by: btc_angela on June 09, 2022, 11:02:00 AM



Title: [READ]: CCleaner search results spread crypto stealing malware
Post by: btc_angela on June 09, 2022, 11:02:00 AM
The famous utility app CCleaner is now being used by cyber criminals to spread malware that steals people's credentials, including crypto assets.

Quote
This new malware distribution campaign is dubbed “FakeCrack,” and was discovered by analysts at Avast, who report detecting an average of 10,000 infection attempts every day from its customer telemetry data. Most of these victims are based in France, Brazil, Indonesia, and India.

https://i.imgur.com/8OkCS7B.png

The usual route: if you use the Google search engine, then most likely you will be redirected to a malware-laden website. And once you download and extract the files, you are already a victim.

Quote
The malware also uses proxies to steal cryptocurrency market account credentials using a man-in-the-middle attack that’s very hard for the victim to detect or realize.

For a detailed technical explanation you can read it here: https://www.bleepingcomputer.com/news/security/poisoned-ccleaner-search-results-spread-information-stealing-malware/


Title: Re: [READ]: CCleaner search results spread crypto stealing malware
Post by: NeuroticFish on June 09, 2022, 11:05:09 AM
While I always recommend great attention with Google search results, this is somewhat different than the usual cases.
The image shows a search for a crack for CCleaner, not CCleaner itself. And it's 100% expected that most of the crack and keygen apps come with extras = malware.
So, really, nothing new nor unexpected here.


Title: Re: [READ]: CCleaner search results spread crypto stealing malware
Post by: DdmrDdmr on June 09, 2022, 11:22:26 AM
Besides the said man-in-the-middle attack, the referenced article also stated that the malware installed is capable of attempting to steal credentials stored in web browsers, and can also perform clipboard jacking, replacing your intended wallet address to interact with, with its own address. The latter is carried out not only for BTC addresses, but also for a range of other cryptocurrencies (ETH, Cardano, etc.). Avast estimates (https://blog.avast.com/fakecrack-campaign) a counter value of at least $50K already stolen through the wallet address swaps.

The fault, as mentioned above, does not reside in CCleaner itself, but rather a wide range of software (allegedly cracked in their sales pitch) can be used as a pretext.

Quote
The infection chain starts on dubious sites that supposedly offer cracked versions of well-known and used software, such as games, office programs, or programs for downloading multimedia content. All these sites are placed in the highest positions in search engine results.
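
The clipboard swap described in the post above puts a different but well-formed wallet address in place of the copied one, so a format or checksum check on the pasted value still passes. The following Python check is an added example, not part of the thread or the Avast report: it compares the full copied and pasted strings and reports whether a mismatch is itself a valid address. It assumes legacy Base58Check addresses only; the function names and both sample addresses are constructed for illustration.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(body: bytes) -> bytes:
    # Base58Check checksum: first 4 bytes of double SHA-256
    return hashlib.sha256(hashlib.sha256(body).digest()).digest()[:4]

def b58encode(data: bytes) -> str:
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    # each leading zero byte is written as a leading '1'
    return "1" * (len(data) - len(data.lstrip(b"\x00"))) + out

def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)  # ValueError on a non-Base58 character
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return b"\x00" * (len(text) - len(text.lstrip("1"))) + raw

def is_valid_base58check(addr: str) -> bool:
    try:
        raw = b58decode(addr)
    except ValueError:
        return False
    # 1 version byte + 20 payload bytes + 4 checksum bytes
    return len(raw) == 25 and _checksum(raw[:-4]) == raw[-4:]

def check_paste(copied: str, pasted: str) -> str:
    copied, pasted = copied.strip(), pasted.strip()
    if copied == pasted:
        return "match"
    # A different string that is still a valid address is the swap case:
    # it would pass any wallet-side checksum validation.
    if is_valid_base58check(pasted):
        return "swapped"
    return "corrupted"

def make_sample(seed: int) -> str:
    # Constructed test address from fixed bytes; not a real wallet.
    body = bytes([0]) + bytes(range(seed, seed + 20))
    return b58encode(body + _checksum(body))

SAMPLE_COPIED = make_sample(1)     # constructed: what the user copied
SAMPLE_SWAPPED = make_sample(101)  # constructed: what arrived on paste
```

Comparing only the first or last few characters is not equivalent to this check; the whole string has to match.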



Title: Re: [READ]: CCleaner search results spread crypto stealing malware
Post by: lovesmayfamilis on June 09, 2022, 11:48:35 AM
The CCleaner cleaner itself is pretty good software. And when I used Windows 7, which was a very long time ago, this program was free. At least the options it offered for free were good enough for the average user.

But, if you decide to find a crack for it, which is quite simple because there are plenty of these cracks on any torrent, you will also get a slew of problems on your head along with the crack.

The expression "the miser pays twice" sounds exactly like it for such people. Someone spares a penny to officially buy a serial number, and later they steal a lot more from him since the owner is a lover of freebies.


Title: Re: [READ]: CCleaner search results spread crypto stealing malware
Post by: Lucius on June 09, 2022, 01:19:40 PM
The basic app is free and I use it every day to clean up all the garbage that accumulates after surfing, and the pro version doesn't seem to offer anything extra worth paying for - so it's weird that people are looking for pirated versions of something that does its job as a free version.



Quote
Avast estimates (https://blog.avast.com/fakecrack-campaign) a counter value of at least $50K already stolen through the wallet address swaps.

It's a bit ironic that the warning comes from a company that is caught selling its users' data - if you ask me, this is just an attempt at very bad PR for a company whose reputation was significantly damaged two years ago. It is this data that can be used for the purposes of potential malicious attacks and the creation of various scam campaigns.

Quote
Avast, which makes free antivirus software that's used by millions of people around the world, is reportedly selling "highly sensitive" web browsing data via a subsidiary company called Jumpshot. The software appears to track users' clicks and movements across the web, and collects data on things like searches on Google and Google Maps, as well as visits to specific LinkedIn pages, YouTube vids and porn websites, according to an investigation published Monday by Motherboard and PCMag.


Title: Re: [READ]: CCleaner search results spread crypto stealing malware
Post by: Rruchi man on June 09, 2022, 02:18:34 PM
Quote
The famous utility app CCleaner is now being used by cyber criminals to spread malware that steals people's credentials, including crypto assets.

If you ask the professionals, some strongly discourage you from using third-party utility apps on a computer where you have important information. Windows, for example, has a built-in disk cleanup function that you can easily access through the search option. For others like iOS, and for those who still prefer to download: if you must, make your downloads from your Play/App Store and not any random link referred to you by Google.

A concern for me as well on this note is that hackers may soon expand their reach and use this technique of hiding malware in other third-party apps that people will never suspect.


Title: Re: [READ]: CCleaner search results spread crypto stealing malware
Post by: jossiel on June 09, 2022, 03:09:46 PM
I thought that it's within the legit CCleaner but good thing that it's the fake one that these developers have always done.

They're sending malware through the suspicious links and false advertisements they do in google searches. As long as it's not a legit one, people should always be wary about it.

Not just with CCleaner but also with other common apps that we use, if it's from a crack and unofficial website, you should expect that there's a sandwich within it and that's the malware that will infect your PC/Laptop system.


Title: Re: [READ]: CCleaner search results spread crypto stealing malware
Post by: mk4 on June 09, 2022, 03:13:46 PM
Ah yes, cracked software. I've been a huge user of those kinds of software in the past too! (I was a broke college student)

..until I had bitcoin and then suddenly I had something big to lose if I were to end up having malware. The moment I had around like $500 worth (and bitcoin's price was rising), I immediately bought a Ledger Nano S, and reinstalled my OS from scratch, not installing any pirated software again.

^What's funny is that what I did in the past should've been a no-brainer for everyone to do, but unfortunately most people are just careless as heck, and will need to learn the hard way.


Title: Re: [READ]: CCleaner search results spread crypto stealing malware
Post by: hugeblack on June 09, 2022, 03:28:14 PM
The title is misleading for several reasons:

 - Google search results are not identical and vary according to several factors, and the company is not responsible for them
 - You are looking for a crack for a program and therefore something illegal, from which it opens a lot of side doors.
 - Windows operating system is vulnerable to viruses, so it is best not to download unknown programs.
 - Avoid uploading, downloading or sharing data with third parties.

So what we are talking about above is general and not related to CCleaner.


Title: Re: [READ]: CCleaner search results spread crypto stealing malware
Post by: Cookdata on June 09, 2022, 04:25:27 PM
This topic reminded me of some of the highlights I discussed in one of my threads (https://bitcointalk.org/index.php?topic=5387715.msg59385808#msg59385808) on the installation of a cracked version of software and freebies on a laptop. You don't know the safety of the new version of the program you are installing on your laptop, and you have no way of knowing whether the software you downloaded is secure.

The internet is open to everyone, and you never know if the guys you think are helping you are actually trying to steal something from your computer. Google is not immune to these acts, they may not intend to steal from you, but they are often very careless, they are so wealthy now that they don't verify when someone wants to advertise on their platforms, even Elon was complaining about how Youtube has become so cluttered with scammers and trojan of channels.


Title: Re: [READ]: CCleaner search results spread crypto stealing malware
Post by: Stalker22 on June 09, 2022, 05:15:18 PM
Quote
The famous utility app CCleaner is now being used by cyber criminals to spread malware that steals people's credentials, including crypto assets.
~

This is not related to the CCleaner software, and, as hugeblack said, your title is misleading. What you describe is applicable to any cracked software. To be more precise, the problem lies not in the software but in how you try to get it (illegally, by the way).

Given the fact that using cracked software is theft in itself, there is some poetic justice in the fact that cracked software may contain malware that can steal your crypto. And the irony is that you are trying to crack a security tool designed to protect your system. ;D


Title: Re: [READ]: CCleaner search results spread crypto stealing malware
Post by: Findingnemo on June 09, 2022, 05:23:23 PM
Not only this software: any software downloaded from third-party websites has such a risk, even if it's not a cracked version. That is why it's always recommended to use the official website for installing any software for PCs and the official marketplace for smartphones.


Title: Re: [READ]: CCleaner search results spread crypto stealing malware
Post by: m2017 on June 09, 2022, 05:43:46 PM
Quote
While I always recommend great attention with Google search results, this is somewhat different than the usual cases.
The image shows a search for a crack for CCleaner, not CCleaner itself. And it's 100% expected that most of the crack and keygen apps come with extras = malware.
So, really, nothing new nor unexpected here.

Some people just need to stop being greedy and buy licensed software. This applies not only to CCleaner. Or switch to open source alternatives, if there are analogues. But when you are dealing with crypto, then there is no other option than to stop using soft+keygen or crack. Being stingy to buy licensed programs can cost a lot more.


Title: Re: [READ]: CCleaner search results spread crypto stealing malware
Post by: Smartvirus on June 09, 2022, 06:06:41 PM
Quote
The title is misleading for several reasons:

 - Google search results are not identical and vary according to several factors, and the company is not responsible for them
 - You are looking for a crack for a program and therefore something illegal, from which it opens a lot of side doors.
 - Windows operating system is vulnerable to viruses, so it is best not to download unknown programs.
 - Avoid uploading, downloading or sharing data with third parties.

So what we are talking about above is general and not related to CCleaner.

As rightly said by Hugeblack, the Google search engine works differently based on locality, as it tends to present search results based on what is more frequently searched for in a region, by clicks and language or sentence patterns used. That could account for the objectivism given to your search result @OP.

Mind you, cracked versions of apps are always a bypass of the original due to some thought-to-be inflated fees, but the truth is, it's not original any more and it's sure to come with some issues in the long run, as some parts of its functionality and security have been laid waste due to the crack. It might work for a time, and only for a time, before the faults start to manifest.

Downloading apps based on Google search options is not often the best of ideas, and many times even using the various stores on our devices doesn't help so much either. Most devices often come with these cleaners built in and they work just fine, although you've still got the task of ensuring that your device isn't filled with unnecessary apps and downloads so as not to cloud your ROM and give your RAM a lot of work in the process, and thus your CCleaner. When looking out for apps, the official sites are much safer.

After the report from Avast, which acquired Piriform that had produced CCleaner 5.33, they managed to come out with a version 5.34 and CCleaner Cloud 1.07.3191, and from the way I see it, it comes down to a market strategy to promote the download of the new software, which is sure to have a backdoor too.

Noting France, Brazil, Indonesia and India as the nations where it's most targeted: could it be a potential market to sell new versions, or are they just the most affected due to their involvement with cracked version apps... just being speculative.