Phishing, Malware

CrowdStrike outage exploited to spread new Daolpu infostealer

Share
The CrowdStrike logo and a blue computer screen appeared during

Organizations have been warned by CrowdStrike about the proliferation of a phony recovery manual for Windows devices impacted by the massive global IT outage resulting from a faulty update of its Falcon platform that has been used to spread the novel Daolpu information-stealing malwareBleepingComputer reports.

Attackers leveraged phishing emails with a malicious Word attachment having the same text as Microsoft's support bulletin regarding its Recovery Tool for outage-hit devices that contains macros, which when enabled facilitates the download of a DLL file, according to CrowdStrike. Such DLL file is later decoded by Windows certutil to eventually allow injection of the Daolpu infostealer, which enables the exfiltration of all browser-stored credentials and cookies following process termination, according to CrowdStrike, which also provided a YARA rule and indicators of compromise for the attack. Further analysis conducted by BleepingComputer revealed that Daolpu may have originated from Vietnam due to its targeting of a browser widely used in the country.

Related Terms

Adware

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.