"Based on further analysis, we found that the 5.33.6162 version of CCleaner and the 1.07.3191 version of CCleaner Cloud was illegally modified before it was released to the public, and we started an investigation process. We also immediately contacted law enforcement units and worked with them on resolving the issue. Before delving into the technical details, let me say that the threat has now been resolved in the sense that the rogue server is down, other potential servers are out of the control of the attacker, and we’re moving all existing CCleaner v5.33.6162 users to the latest version. Users of CCleaner Cloud version 1.07.3191 have received an automatic update. In other words, to the best of our knowledge, we were able to disarm the threat before it was able to do any harm."
I will be following up with any additional information from my team as soon as it's available, and we thank everyone for your support.
I had my Win 10 64bit my Win7 64 bit and my Vista 32bit hacked with actually 2 different trojans. My Hotmail Skype also were compromised as I got a message from Microsoft to tell me that someone tried to access my account so I had to change passwords etc etc. not a fun afternoon.
I regularly run a MalwareBytes scan and this trojan wasn't detected when CCleaner 5.33 was functioning. It also wasn't detected by MWB when the 5.34 upgrade occurred last week. Only on Sept 19 (Australian time) when MalwareBytes database was updated to v. 2017.09.19.02 did it successfully notify that CCleaner was infected with Floxif.
So, running a malware scan with one of the most widely used detection and removal programs was of no use whatsoever prior to Sept 19.
Running Win 10 -64-bit and Defender found Floxif yesterday
Thanks for the heads up Piriform
Blog comments not good enough
Seems Piriform knew much earlier in Sep.
It's really an online war
We, public, and customers, last to know