"Super-Cleaner 2022" TROJAN FROM A FACEBOOK AD

OfclyGoodenough · 19 January 2022 15:53

Popup - CCleaner Professional | Try the world’s most trusted PC cleaner, free!

Registered via NameCheap on December 23, 2021 (updated December 28, 2021) - Whois ccleaner.io

VirusTotal (download link is a Discord URL) - VirusTotal - File - 911fd4b670111f01f4981f451a2b98132ba7efe45e3e60ef2fd8699898dce0b9

Associated Facebook Account (operated in Lithuania) - Giftsfory | Facebook

Associated Email Address - [email protected]

Associated IP Addresses:
138.124.180.131

162.0.217.84

Program contains the Obsidium ransomware and RedLine stealer.

AngelFat · 19 January 2022 17:05

Maybe we could report the URL to Discord?

Edit: I’ve reported it to NameCheap and Discord. Let’s see what they say.

jono1234 · 19 January 2022 17:12

Reported it to Namecheap but got the standard “we are going to check it asap” response. Might just send it over to CCleaner since they are infringing on a trademark

AngelFat · 19 January 2022 17:15

NameCheap usually does check on it, but it takes a few days.