CCleaner infection more serious than previously thought

Posted 21 September 2017 06:46 CEST by Kerry Brown

A new report by the Cisco Talos Group shows that the malware found in CCleaner was more serious than it initially appeared. In its analysis, Talos Group found a second payload, and that payload appears to target certain sites.

The infection was found in version 5.33 of CCleaner and was distributed for almost a month. In the second payload, the malware was directed at two dozen sites belonging to companies such as Cisco, Samsung, Microsoft and others, in an attempt to access those companies' intellectual property.

The second-stage installer was GeeSetup_x86.dll, which checked whether the system was 64-bit or 32-bit and then planted the matching type of trojan into the operating system. The 32-bit trojan was TSMSISrv.dll; the 64-bit trojan was EFACli64.dll.

The Talos Group researchers recommend restoring the system from an earlier image of the operating system, one taken before CCleaner version 5.33 was installed.
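Deciding which machines actually need that restore means checking the fleet for the indicators the report names. The following triage helper is an added example for this post, not code from Talos or from the article; it matches a per-host inventory against the CCleaner version and the three file names given above. The inventory records, the host names and the file paths in the sample are constructed for illustration, since the article does not say where the stage-two files are dropped.

```python
"""Triage helper for the CCleaner 5.33 indicators named in the article.

Added example, not part of the original post or of Talos's own tooling.
Takes a per-host software/file inventory (constructed here) and flags
hosts that match the indicators the post names: CCleaner 5.33 installed,
or the stage-two file names GeeSetup_x86.dll, TSMSISrv.dll, EFACli64.dll.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Indicators taken from the article. A file-name match on its own is weak
# evidence (names can be reused by unrelated software), so each hit is
# reported with a reason for an analyst rather than treated as proof.
AFFECTED_VERSION = "5.33"
STAGE2_DROPPER = "geesetup_x86.dll"
ARCH_PAYLOAD = {"x86": "tsmsisrv.dll", "x64": "efacli64.dll"}


@dataclass
class HostInventory:
    hostname: str
    arch: str                                   # "x86" or "x64"
    ccleaner_version: Optional[str]             # None if CCleaner is absent
    files: List[str] = field(default_factory=list)  # full paths on the host


def triage_host(host: HostInventory) -> List[str]:
    """Return human-readable findings for one host; an empty list means no match."""
    findings: List[str] = []
    if host.ccleaner_version and host.ccleaner_version.startswith(AFFECTED_VERSION):
        findings.append(f"CCleaner {host.ccleaner_version} installed (affected release)")

    # Compare on the bare file name, case-insensitively, with either path separator.
    names = {path.replace("\\", "/").rsplit("/", 1)[-1].lower() for path in host.files}
    if STAGE2_DROPPER in names:
        findings.append("stage-two installer name GeeSetup_x86.dll present")
    for arch, payload in ARCH_PAYLOAD.items():
        if payload in names:
            # The article says the installer picks the payload for the host
            # architecture, so a mismatch is worth calling out separately.
            note = "" if arch == host.arch else f" (unexpected on an {host.arch} host)"
            findings.append(f"{arch} trojan name {payload} present{note}")
    return findings


def triage_fleet(hosts: List[HostInventory]) -> Dict[str, List[str]]:
    """Map hostname -> findings for every host with at least one match."""
    report: Dict[str, List[str]] = {}
    for host in hosts:
        findings = triage_host(host)
        if findings:
            report[host.hostname] = findings
    return report


# Constructed sample inventory (hypothetical hosts and paths, not from the report).
SAMPLE_HOSTS = [
    HostInventory("ws-01", "x64", "5.33.6162",
                  [r"C:\Program Files\CCleaner\CCleaner.exe",
                   r"C:\PLACEHOLDER_DROP_DIR\EFACli64.dll"]),
    HostInventory("ws-02", "x86", "5.34.6207",
                  [r"C:\Program Files\CCleaner\CCleaner.exe"]),
    HostInventory("ws-03", "x64", None, []),
]

if __name__ == "__main__":
    for name, findings in triage_fleet(SAMPLE_HOSTS).items():
        print(name)
        for line in findings:
            print("  -", line)
```

Hosts that come back with findings are the candidates for the image restore the researchers recommend; hosts with no findings still deserve a look if their inventory data is incomplete, since the check only sees what the inventory reports.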

You can read more on the story at ghacks.net.
