Windows PC utility ‘G-Cleaner’ a front for malware

It should be a given that any third-party program seeking access to your machine is a potential cybersecurity threat. Sadly, this is not much of a deterrent for some individuals, and there are countless instances of infection that result from granting access to malicious programs. Security researcher Benkøw moʞuƎq ran into exactly this reality while investigating a website offering a PC cleaning tool. As Benkøw moʞuƎq discovered, the website is merely a front for the AZORult Trojan, which is most notable for stealing passwords and numerous types of private data. The website in question is called G-Cleaner, and it advertises the following service:

G-Cleaner can clean unneeded files, settings, and Registry entries for web browsers and many installed applications on your system, as well as Windows features.

G-Cleaner is a small, effective utility for computers running Microsoft Windows that cleans out the “junk” that accumulates over time: temporary files, broken shortcuts, and other problems. G-Cleaner protects your privacy. It cleans your browsing history and temporary internet files, allowing you to be a more confident Internet user and less susceptible to identity theft.

In their own investigation of G-Cleaner, which is detailed in full here, Bleeping Computer (namely author Lawrence Abrams) showed how the AZORult Trojan infection occurs. Upon download, the malicious files are placed in either the C:\ProgramData\Garbage Cleaner or the C:\ProgramData\G-Cleaner folder. The payload is then extracted to the %Temp% folder and executed. Once running, the AZORult payload communicates with a command-and-control server and, before terminating, “will upload a file called Encrypted.zip that contains the harvested data.”
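As an added illustration that is not part of the article or of Bleeping Computer's analysis, the following Python sketch correlates the stages of the chain just described (staging folder write, child process launched from %Temp%, outbound connection, Encrypted.zip written) over a constructed, Sysmon-style event stream. The event field names, process ids, user name and file names are assumptions made for the example.

```python
import re

# Indicators taken from the write-up: the two staging folders, a payload that runs
# out of %Temp%, and the "Encrypted.zip" archive written before the payload exits.
STAGING_DIR_RE = re.compile(r"^c:\\programdata\\(garbage cleaner|g-cleaner)\\", re.I)
TEMP_DIR_RE = re.compile(r"^c:\\users\\[^\\]+\\appdata\\local\\temp\\", re.I)
UPLOAD_ARCHIVE = "encrypted.zip"

# Constructed, Sysmon-like event stream for illustration only (not real telemetry).
# Fields: event type, process id, parent process id, file or image path.
SAMPLE_EVENTS = [
    {"type": "ProcessCreate",  "pid": 1200, "ppid": 800,  "path": r"C:\Users\alice\Downloads\gcleaner_setup.exe"},
    {"type": "FileCreate",     "pid": 1200, "ppid": 800,  "path": r"C:\ProgramData\G-Cleaner\payload.bin"},
    {"type": "FileCreate",     "pid": 1200, "ppid": 800,  "path": r"C:\Users\alice\AppData\Local\Temp\svc.exe"},
    {"type": "ProcessCreate",  "pid": 1304, "ppid": 1200, "path": r"C:\Users\alice\AppData\Local\Temp\svc.exe"},
    {"type": "NetworkConnect", "pid": 1304, "ppid": 1200, "path": ""},
    {"type": "FileCreate",     "pid": 1304, "ppid": 1200, "path": r"C:\Users\alice\AppData\Local\Temp\Encrypted.zip"},
    # Benign noise: another tool writing to its own ProgramData folder, never spawning from %Temp%.
    {"type": "FileCreate",     "pid": 2000, "ppid": 800,  "path": r"C:\ProgramData\OtherCleaner\cache.db"},
]


def find_chains(events):
    """Return one record per process that completes the full chain: a dropper writes into a
    G-Cleaner staging folder, spawns a child from %Temp%, and that child both connects
    out and writes Encrypted.zip. Partial matches (e.g. no network activity) are not reported."""
    droppers = set()   # pids that wrote into a staging folder
    payloads = {}      # payload pid -> stages observed for it
    for ev in events:
        path = ev["path"]
        if ev["type"] == "FileCreate" and STAGING_DIR_RE.match(path):
            droppers.add(ev["pid"])
        elif ev["type"] == "ProcessCreate" and ev["ppid"] in droppers and TEMP_DIR_RE.match(path):
            payloads[ev["pid"]] = {"dropper": ev["ppid"], "image": path, "network": False, "archive": False}
        elif ev["pid"] in payloads:
            if ev["type"] == "NetworkConnect":
                payloads[ev["pid"]]["network"] = True
            elif ev["type"] == "FileCreate" and path.lower().endswith("\\" + UPLOAD_ARCHIVE):
                payloads[ev["pid"]]["archive"] = True
    return [dict(pid=pid, **rec) for pid, rec in payloads.items() if rec["network"] and rec["archive"]]


if __name__ == "__main__":
    for hit in find_chains(SAMPLE_EVENTS):
        print(f"ALERT: pid {hit['pid']} ({hit['image']}) spawned by pid {hit['dropper']} matches the G-Cleaner chain")
```

Requiring every stage keeps a legitimate cleaner that merely writes under its own ProgramData folder from firing the rule; in a real deployment the staging-folder pattern would be fed from your own telemetry rather than hard-coded.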

As of the time of this reporting, and despite the site having been uncovered and publicly analyzed by Benkøw moʞuƎq last month, the G-Cleaner website is still up. Obviously the best course of action is to avoid the website, but you should also be wary of any PC cleaner website. With enough know-how and by using legitimate programs, you can clean up your storage without jeopardizing your machine. It really isn’t worth the risk to entrust it to unverified third parties.

Featured image: Flickr / Marco Verch

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.
