Fake Windows PC Cleaner Drops AZORult Info-Stealing Trojan

A fake Windows PC cleaner drops the AZORult info-stealing trojan, which steals a user's web browser passwords, FTP client passwords, cryptocurrency wallets, desktop files and more from the PC. The attackers created a fake Windows utility and web suite to distribute the trojan as widely as possible, instead of relying on distribution methods such as spam and exploit kits.

G-Cleaner, or Garbage Cleaner, is a Windows junk cleaner tool that removes temporary files, broken shortcuts, and unnecessary registry entries from a PC. It is promoted like all the other system optimization tools that we regularly see offered to us. It cleans unneeded files, settings and registry entries for web browsers, Windows features and many installed applications. It is a small, effective utility for computers running Microsoft Windows that cleans out "junk" such as temporary files, broken shortcuts and other problems on the PC. It protects users' privacy and cleans browsing history and temporary internet files.

When users download and run this program, it looks like countless other cleaners and states that it will scan the PC for junk files and remove them. When G-Cleaner or Garbage Cleaner is installed, it downloads the main components of the fake PC cleaner and saves them to the C:\ProgramData\Garbage Cleaner or C:\ProgramData\G-Cleaner folder, depending on the version. It then extracts a randomly named file to the %Temp% folder and executes it. This file is the malware component that attempts to steal the PC's passwords, data, wallets and other vital information. While running, G-Cleaner or Garbage Cleaner communicates with a command-and-control server via a gate.php script. As its last communication before it removes itself from the PC, it uploads a file called Encrypted.zip that contains the data harvested from the victim's machine.
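The behaviour chain described above can be turned into a simple per-host correlation over endpoint and proxy telemetry. The following is an added example, not code from the original article: the event schema, the field names (including `upload_name`), the host names and the sample file names are assumptions, and only the two folder paths, `%Temp%` execution, `gate.php` and `Encrypted.zip` come from the text.

```python
import re

# Indicators come from the article; the event schema is an assumption.
INSTALL_DIR = re.compile(r"^C:\\ProgramData\\(G-Cleaner|Garbage Cleaner)(\\|$)", re.I)
TEMP_IMAGE = re.compile(r"\\AppData\\Local\\Temp\\[^\\]+$", re.I)  # usual %Temp% location
GATE_URI = re.compile(r"/gate\.php(\?|$)", re.I)

def stage_of(ev):
    """Return the behaviour stage that one normalized event matches, or None."""
    if ev["type"] == "file_create" and INSTALL_DIR.search(ev["path"]):
        return "install_dir"
    if ev["type"] == "process_create" and TEMP_IMAGE.search(ev["image"]):
        return "temp_exec"
    if ev["type"] == "http":
        if ev.get("upload_name", "").lower() == "encrypted.zip":
            return "exfil_zip"
        if GATE_URI.search(ev["uri"]):
            return "c2_gate"
    return None

def correlate(events):
    """Per host, list the stages reached, in time order, after the install folder appears."""
    seen = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        stage = stage_of(ev)
        if stage is None:
            continue
        stages = seen.setdefault(ev["host"], [])
        # Temp execution or a gate.php request alone is too common to act on,
        # so later stages only count once the cleaner's folder was created.
        if stage != "install_dir" and "install_dir" not in stages:
            continue
        if stage not in stages:
            stages.append(stage)
    return {host: stages for host, stages in seen.items() if stages}

# Constructed sample events (not real telemetry).
SAMPLE = [
    {"ts": 1, "host": "pc-01", "type": "file_create", "path": r"C:\ProgramData\G-Cleaner\app.bin"},
    {"ts": 2, "host": "pc-01", "type": "process_create", "image": r"C:\Users\alice\AppData\Local\Temp\qzxvkd.exe"},
    {"ts": 3, "host": "pc-01", "type": "http", "uri": "/panel/gate.php"},
    {"ts": 4, "host": "pc-01", "type": "http", "uri": "/panel/gate.php", "upload_name": "Encrypted.zip"},
    {"ts": 5, "host": "pc-02", "type": "process_create", "image": r"C:\Users\bob\AppData\Local\Temp\setup.exe"},
    {"ts": 6, "host": "pc-03", "type": "file_create", "path": r"C:\ProgramData\Garbage Cleaner\data.db"},
]
```

A host whose list ends in `exfil_zip` has completed the chain, and because the article says the malware removes itself afterwards, the network records may be the only trace left on such a machine.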

G-Cleaner and the way it distributes the trojan illustrate how important it is for users not to haphazardly download programs from the internet. Users should research a site before downloading and installing a program to determine whether it has a good reputation and can be trusted. Even then, every user is advised to check whether the program is safe to run on the PC. That said, there will always be some confusion, as legitimate programs can still trigger false positives. In such situations, you need to weigh all the factors, such as site trustworthiness, reviews and word of mouth, to decide whether you should run the program.
