"Super-Cleaner 2022" TROJAN FROM A FACEBOOK AD

Popup - CCleaner Professional | Try the world’s most trusted PC cleaner, free!

Registered via NameCheap on December 23, 2021 (updated December 28, 2021) - Whois ccleaner.io

image521×807 51.4 KB

VirusTotal (download link is a Discord URL) - VirusTotal - File - 911fd4b670111f01f4981f451a2b98132ba7efe45e3e60ef2fd8699898dce0b9

image1130×94 9.5 KB

Associated Facebook Account (operated in Lithuania) - Giftsfory | Facebook

Associated Email Address - [email protected]

Associated IP Addresses:
138.124.180.131

image854×688 68.9 KB

162.0.217.84

image848×690 69.8 KB

Program contains the Obsidium ransomware and RedLine stealer.

Maybe we could report the URL to Discord?

Edit: I’ve reported it to NameCheap and Discord. Let’s see what they say.

Reported it to Namecheap but got the standard “we are going to check it asap” response. Might just send it over to CCleaner since they are infringing on a trademark

NameCheap usually does check on it, but it takes a few days.