Hackers are taking advantage of the recent CrowdStrike incident to trick people into downloading malware disguised as a fix. According to reports, a phishing campaign is circulating a document called ‘New_Recovery_Tool_to_help_with_CrowdStrike_issue_impacting_Windows.docm’, which appears to be a Microsoft support bulletin for a Recovery Tool that can remove the faulty CrowdStrike driver from Windows PCs.
However, this document contains malicious macros that install an infostealer called Daolpu. This malware is designed to steal account credentials, browser history, and authentication cookies from popular browsers like Chrome, Edge, Firefox, and even Cốc Cốc – a Vietnamese web browser. The use of macros to deliver malware is not new, but it is still effective in this case.
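A mail gateway or triage script can flag this kind of attachment by inspecting the Office container itself instead of trusting the file extension. The following is an added example, not code from the original report: the function names, the lure keywords and the verdict labels are assumptions, and the sample documents are constructed in memory with placeholder bytes.

```python
import io
import re
import zipfile

# Content types Office assigns to macro-enabled main parts (Word, Excel, PowerPoint).
MACRO_CT = re.compile(rb"application/vnd\.ms-[\w.]+macroEnabled", re.I)
# Assumed lure keywords, taken from the filenames and themes this campaign used.
LURE = re.compile(r"crowdstrike|recovery[_ -]?tool|hotfix", re.I)


def triage_attachment(filename: str, data: bytes) -> dict:
    """Return macro and lure findings for one e-mail attachment."""
    result = {"ooxml": False, "vba_parts": [], "macro_content_type": False,
              "lure_name": bool(LURE.search(filename)), "verdict": "pass"}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return result  # not an OOXML container (legacy .doc needs an OLE parser)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        if "[Content_Types].xml" not in names:
            return result  # a plain zip, not an Office document
        result["ooxml"] = True
        # The VBA project is stored as a vbaProject.bin part, whatever the extension says.
        result["vba_parts"] = [n for n in names if n.lower().endswith("vbaproject.bin")]
        result["macro_content_type"] = bool(MACRO_CT.search(zf.read("[Content_Types].xml")))
    if result["vba_parts"] or result["macro_content_type"]:
        result["verdict"] = "quarantine" if result["lure_name"] else "review"
    return result


def _build_sample(with_macro: bool) -> bytes:
    """Constructed test container: OOXML-shaped zip with placeholder bytes, no real macro."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        ct = "application/vnd.ms-word.document.macroEnabled.main+xml" if with_macro \
            else "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
        zf.writestr("[Content_Types].xml", f'<Types><Override ContentType="{ct}"/></Types>')
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"PLACEHOLDER")
    return buf.getvalue()


if __name__ == "__main__":
    name = "New_Recovery_Tool_to_help_with_CrowdStrike_issue_impacting_Windows.docm"
    print(triage_attachment(name, _build_sample(True)))
    print(triage_attachment("minutes.docx", _build_sample(False)))
```

A macro-carrying file renamed to `.docx` still gets a `review` verdict, because the check reads the container's parts and content types, not the name.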
The faulty CrowdStrike update caused many Windows PCs to crash and enter an infinite boot loop, affecting major organizations worldwide. This incident has provided an opportunity for cybercriminals to launch phishing campaigns impersonating CrowdStrike or IT professionals offering quick fixes in exchange for cryptocurrency payments.
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to users to avoid clicking on suspicious emails or links related to the CrowdStrike issue. They have observed multiple phishing campaigns where scammers attempt to exploit the situation for financial gain.
In addition to the phishing campaigns, a separate warning from AnyRun highlighted a malware campaign targeting BBVA bank customers with a fake CrowdStrike Hotfix update that actually installs a remote access tool (RAT) called Remcos. This shows the extent to which cybercriminals are willing to go to exploit vulnerabilities and target unsuspecting victims.
It is crucial for individuals and organizations to stay vigilant and ensure that they are downloading software updates and fixes from legitimate sources. Being aware of common phishing tactics and avoiding clicking on suspicious links can help prevent falling victim to these types of scams.
As cybersecurity threats continue to evolve, it is important to stay informed and take proactive measures to protect sensitive information and devices from malicious actors. By staying updated on the latest cybersecurity trends and best practices, individuals and businesses can mitigate the risk of falling victim to cyberattacks.