
Researchers have discovered a web site pushing a PC cleaner tool for Windows that in reality is just a front for the AZORult password and information-stealing Trojan. AZORult is a trojan that, when installed, attempts to steal a user's browser passwords, FTP client passwords, cryptocurrency wallets, desktop files, and much more. Instead of renting distribution methods such as spam, exploit kits, or being dropped by other trojans, the attackers decided to create a fake Windows utility and an accompanying web site to distribute the Trojan.

According to the site, G-Cleaner or Garbage Cleaner is a Windows junk cleaner that removes temporary files, broken shortcuts, and unnecessary Registry entries. Overall, it's promoted like all the other system optimization tools that we see regularly being offered. Even when you download and run the program, it looks like countless other homemade PC cleaners and states it will scan your computer for junk files and remove them.

When the G-Cleaner program is installed, it will download the main components of the fake PC cleaner and save them to the C:\ProgramData\Garbage Cleaner or C:\ProgramData\G-Cleaner folders, depending on the version. It will then extract a randomly named file to the %Temp% folder and execute it. This file is the malware component that will attempt to steal your computer's passwords, data, wallets, and other information.

Even though this site and the malware being pushed are over one month old, the site is still up and running. Just yesterday, another researcher named JamesWT discovered it again and, even a month later, few antivirus vendors were detecting it as malicious. Further details can be found on OUR FORUM.
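The install behaviour described above can be turned into a simple host-level correlation. The following is an added example, not code from the researchers or the original article: it flags an executable started directly from a per-user Temp folder shortly after files appear in either of the two ProgramData folders the article names. The event field names, the 600-second window, the default `%Temp%` expansion and all sample events are assumptions constructed for illustration.

```python
import json
import ntpath

# Folder names come from the article; the Temp suffix assumes the default
# per-user expansion of %Temp%. Event field names are hypothetical.
INSTALL_DIRS = (r"c:\programdata\garbage cleaner", r"c:\programdata\g-cleaner")
TEMP_SUFFIX = r"\appdata\local\temp"

# Constructed sample telemetry, one JSON event per line (not real data).
SAMPLE_EVENTS = r'''
{"host": "ws-01", "time": 100, "type": "file_create", "path": "C:\\ProgramData\\G-Cleaner\\cleaner_ui.exe"}
{"host": "ws-01", "time": 130, "type": "process_create", "path": "C:\\Users\\alice\\AppData\\Local\\Temp\\qzxkvb.exe"}
{"host": "ws-02", "time": 90, "type": "process_create", "path": "C:\\Users\\bob\\AppData\\Local\\Temp\\setup_tmp.exe"}
{"host": "ws-03", "time": 50, "type": "file_create", "path": "C:\\ProgramData\\Garbage Cleaner\\data.bin"}
{"host": "ws-03", "time": 5000, "type": "process_create", "path": "C:\\Users\\carol\\AppData\\Local\\Temp\\updater.exe"}
{"host": "ws-04", "time": 10, "type": "file_create", "path": "C:\\ProgramData\\G-Cleaner-Tools\\x.exe"}
{"host": "ws-04", "time": 20, "type": "process_create", "path": "C:\\Users\\dave\\AppData\\Local\\Temp\\y.exe"}
'''

def in_install_dir(path):
    """True if path is one of the article's folders or lies beneath it."""
    p = ntpath.normpath(path).lower()
    return any(p == d or p.startswith(d + "\\") for d in INSTALL_DIRS)

def runs_from_temp(path):
    """True if the executable sits directly in a per-user Temp folder."""
    return ntpath.dirname(ntpath.normpath(path)).lower().endswith(TEMP_SUFFIX)

def correlate(lines, window=600):
    """Return (host, path) for Temp executions seen within `window` seconds
    after a file first appeared in one of the install folders on that host."""
    events = sorted((json.loads(l) for l in lines if l.strip()),
                    key=lambda e: e["time"])
    first_drop, hits = {}, []
    for ev in events:
        host, path = ev["host"], ev["path"]
        if ev["type"] == "file_create" and in_install_dir(path):
            first_drop.setdefault(host, ev["time"])
        elif ev["type"] == "process_create" and runs_from_temp(path):
            if host in first_drop and ev["time"] - first_drop[host] <= window:
                hits.append((host, path))
    return hits

if __name__ == "__main__":
    for host, path in correlate(SAMPLE_EVENTS.splitlines()):
        print(f"ALERT {host}: Temp execution after G-Cleaner drop: {path}")
```

Execution from Temp alone is common for legitimate installers, which is why the check only fires when it follows a drop into one of the named folders on the same host.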

 
