Had to jump through hoops to install latest update of CCleaner 563....

[polonus]

First MBAM extension in the browser started to moan about a threat - some htxps://obfuscator.10 etc.
Then Microsoft also intervened, do you really want to install? Had to insist...

VirusTotal results on the download: https://www.virustotal.com/gui/file/f2aba7dc1d4ab617d7b09b19e7a5b4f6b6e3f790981050d163f395002646b890/detection

All clean, why the alerts? I had the official download from inside the proggie.

Consider: https://www.virustotal.com/gui/file/f2aba7dc1d4ab617d7b09b19e7a5b4f6b6e3f790981050d163f395002646b890/community

Anyone on this? By the way also VoodooShield alerted on the installer file.

polonus

[Pondus]

First MBAM extension in the browser started to moan about a threat - some htxps://obfuscator.10 etc.

I guess those who can answer is over at malwarebytes forum...

[Asyn]

Hi, you can check/verify your installer here: https://forum.piriform.com/topic/55747-ccleaner-v5637540/

Also see: https://forum.piriform.com/topic/55753-latest-versiom-ccleaner-dangerous/

[Michael (alan1998)]

Isn't CCleaner the program that got hijacked a few years back?

Dr Web has a tendency to false-positive our new releases for the first 24-72 hours after release.  They tend to respond quite promptly though to feedback from us and from their users about corrections though.

[polonus]

I was not aware how actual this was, seen in the light of the Petya attack on CCleaner,
that avast had to nip in the bud on September 23rd last,
while the malcreant/attacker tried to compromise  a temp VPN account since May 14th last.

The malcode was Petya. This is a Russian word derived from Pinyin,
the system used to translate Mandarin-Chinese with the use of Latin.

So Voodooshield and MBAM still alerted Piriform's software.

Petya is malware that originated in the Russia-Ukraine opposition, that is why I got the obfoscator10 alert,
which later was seen to be a FP, checked the installer at VirusTotal, nothing came up.

So Avast has to sure watch their crown jewel software now,

polonus

[Asyn]

-> https://blog.avast.com/ccleaner-fights-off-cyberespionage-attempt-abiss
-> https://www.ccleaner.com/news/blog/2019/10/21/ccleaner-version-563-preventative-update-as-part-of-our-zero-tolerance-policy-against-cybercrime

[polonus]

Hi Asyn,

The aftermath of the breach of NSA's Eternal Blue combined with Mimikatz password stealing researchware
led to  the infesting Agent.BTZ malware, the so-called Autorun worm.

Initially used by State Actors it formed an inspiration for cybercriminals:
https://www.f-secure.com/v-descs/worm_w32_agent_btz.shtml

Time to check C:\Windows\ sysWow64.cmd.exe via specific malware detecting command prompts.

Malware also abused by Turla-APT-group hijacking other APT's cyber-attacking-tools.
Read: https://www.baesystems.com/en/cybersecurity/feature/the-snake-campaign

It dangerous in this digital world of ours, folks, it really is.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)