By GoldSparrow in Trojans

Threat Scorecard

Ranking: 2,484
Threat Level: 80 % (High)
Infected Computers: 53,004
First Seen: January 4, 2013
Last Seen: September 21, 2023
OS(es) Affected: Windows

Floxif is a Trojan that was known to be spread using a corrupted version of CCleaner recently. CCleaner is a legitimate program that is used to help computer users perform maintenance tasks on their computers. However, a corrupted version of this utility has led to more than 2 million computers becoming infected with Floxif. As soon as Floxif was installed on the victim's computer, it started gathering information about the infected computer and sending it to the Floxif's controllers, allowing con artists to gain access to the victim's data.

The Name of an Honest Progam Being Used to Dishonest Actions

The makers of CCleaner announced officially that their program had been modified by cybercriminals to install Floxif on the victims' computers. One of the reasons why the Floxif attack was so effective was because the corrupted version of Floxif was being delivered with a valid digital certificate. Once installed, Floxif was designed to send con artists technical data about the infected computers, such as running programs, installed software, the victim's computer's name and addresses. It does seem that Floxif itself also led to other threat infections on the victim's computers. Essentially, Floxif delivers data to on artist, which allows them to deliver additional Trojan payloads. CCleaner was corrupted on August 15, 2017, and it wasn't reported to computer users until September 12, 2017. Because of this, computer users that downloaded CCleaner in that period may have installed Floxif on their computers unknowingly.

How Floxif Carries out Its Attack

Floxif runs in the background. Floxif uses the infected computer's resources, such as CPU processing and online bandwidth, and connects to its Command and Control server through the IP address Floxif also receives data, including additional threats, which it could then install on the victim's computer. Not only individual computer users were the intended victims of Floxif. Floxif also was meant to compromise major technology and communications companies in the United States, Germany, Taiwan, Japan, and the United Kingdom, including such high-profile targets as Cisco, MSI, Oracle, Google, Linksys and Epson. Floxif has been delivered to high-profile targets, which include some banks and government computer networks. Possible victims of the Floxif attack have been notified, and steps are being taken to ascertain the extent of the Floxif attack.

Further Details about a Floxif Infection

The reason why Floxif managed to infect 2.27 million people (at the last estimate) is that the con artists were able to modify CCleaner's main executable, making it quite difficult to realize that the attack was going on. At least 20 computers owned by high-profile technology companies have been infected with Floxif. Updating CCleaner to its latest version should remove Floxif. A security program that is fully up-to-date can scan your computer if you have downloaded CCleaner or there's a possibility that Floxif has infected your computer. You should take some steps to limit the damage of a possible Floxif infection on your computer:

  1. Make sure that your copy of CCleaner is updated to version 5.34 or higher. The corrupted version of this program is version 5.33.
  2. Use a security program to run a full scan of your computer.
  3. Change all of your passwords and other sensitive data.
  4. Take steps to check that your online accounts, particularly your online banking accounts, have not presented suspicious activity or been compromised in any way. Your social media and email accounts also may have been compromised and used to deliver spam messages.

SpyHunter Detects & Remove Floxif

File System Details

Floxif may create the following file(s):
# File Name MD5 Detections
1. symsrv.dll 4fcd7574537cebec8e75b4e646996643 3,338
2. symsrv.dll 1458e1451cf701b363c99cfb81317789 2,152
3. symsrv.dll 0609f5fe5fee88412b62aacafc43aedc 93

Related Posts


Most Viewed