Researchers from Avast have uncovered a malware campaign, tracked as FakeCrack, spreading through the search results for a pirated copy of the CCleaner Pro Windows optimization program.
The researchers pointed out that operators behind the campaign used a large infrastructure to deliver an info-stealing malware and harvest sensitive data, including crypto assets, from the victims.
Avast revealed to have prevented the infection of roughly 10,000 users daily, most of them located in Brazil, India, Indonesia, and France.
The links provided by the Google queries point to a ZIP archive encrypted with a weak password, such as 1234, that contains a single executable file (i.e. setup.exe or cracksetup.exe).