
Flofix Trojan

The Flofix Trojan is malware that hackers injected into CCleaner, a popular system and driver clean-up utility. The cybercriminals compromised version 5.33.6162 of CCleaner and version 1.07.3191 of CCleaner Cloud and placed their malware inside the main executable file of the legitimate applications. The Trojanized versions were available for download for nearly a month.

During that period, installing one of the hacked CCleaner versions on a 32-bit computer resulted in the Flofix Trojan being dropped and executed. The threat would create the following files on the user's computer:

  • %programfiles%\microsoft office\office11\msohev.dll
  • c:\documents and settings\administrator\local settings\temp\2a3ad5.tmp
  • c:\documents and settings\administrator\local settings\temp\2a3ad5.tmp.000

The Flofix Trojan acted mostly as a reconnaissance tool, collecting various data from the compromised machine and exfiltrating it to a remote server under the control of the hackers. The collected data included a list of all software products installed on the compromised system, its computer name, all active and running processes, the MAC addresses of the first three network interfaces and more. The threat is also able to fetch additional payloads and deliver them to the infected system.

Updating CCleaner to a newer version removes the Flofix Trojan code that is part of the main CCleaner executable. However, that is not enough to clean the computer of the threat completely. To make sure that no traces of the Flofix Trojan are left behind, it is recommended to run a scan with a professional anti-malware solution.
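As a first triage step before the full scan, the three file paths listed above can be checked on a live system drive or on a volume mounted for offline analysis. The following Python script is an added example, not part of the original entry; it assumes `%programfiles%` resolves to `Program Files` on the system drive, and the function names are hypothetical.

```python
import os
import sys

# File paths exactly as listed in this entry (lower case, Windows separators).
LISTED_ARTIFACTS = [
    r"%programfiles%\microsoft office\office11\msohev.dll",
    r"c:\documents and settings\administrator\local settings\temp\2a3ad5.tmp",
    r"c:\documents and settings\administrator\local settings\temp\2a3ad5.tmp.000",
]

def to_parts(win_path, program_files="Program Files"):
    """Split a listed Windows path into lower-case components below the drive root."""
    # Assumption: %programfiles% is "Program Files" on the 32-bit system drive.
    p = win_path.lower().replace("%programfiles%", "c:\\" + program_files.lower())
    parts = [x for x in p.split("\\") if x]
    return parts[1:] if parts and parts[0].endswith(":") else parts

def resolve_nocase(root, parts):
    """Follow parts under root, matching each name case-insensitively.

    Windows paths ignore case, but a volume mounted on an analysis host may not.
    Returns the real on-disk path, or None if a component is missing.
    """
    current = root
    for want in parts:
        try:
            names = os.listdir(current)
        except OSError:  # missing, not a directory, or unreadable
            return None
        match = next((n for n in names if n.lower() == want), None)
        if match is None:
            return None
        current = os.path.join(current, match)
    return current

def find_artifacts(root):
    """Return {listed_path: real_path} for each listed file present under root."""
    hits = {}
    for listed in LISTED_ARTIFACTS:
        real = resolve_nocase(root, to_parts(listed))
        if real is not None and os.path.isfile(real):
            hits[listed] = real
    return hits

if __name__ == "__main__":
    # First argument: drive root or mount point of the volume to check.
    root = sys.argv[1] if len(sys.argv) > 1 else "C:\\"
    for listed, real in find_artifacts(root).items():
        print(f"FOUND {listed} -> {real}")
```

A hit is a lead for the full anti-malware scan recommended above, and an empty result does not show that the machine is clean.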
