
CrowdStrike outage exploited to spread new Daolpu infostealer


CrowdStrike has warned organizations about a phony recovery manual for Windows devices affected by the massive global IT outage caused by a faulty update to its Falcon platform. The fake manual is being used to spread the novel Daolpu information-stealing malware, BleepingComputer reports.

According to CrowdStrike, attackers sent phishing emails with a malicious Word attachment that copies the text of Microsoft's support bulletin on its Recovery Tool for outage-hit devices. The document contains macros which, when enabled, download a DLL file. That DLL is then decoded with the Windows certutil utility and used to inject the Daolpu infostealer, which terminates browser processes and exfiltrates all browser-stored credentials and cookies. CrowdStrike also published a YARA rule and indicators of compromise for the attack. Further analysis by BleepingComputer suggests Daolpu may have originated from Vietnam, because it targets a browser widely used in that country.
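A defender-side detection sketch for the certutil step described above, added here as an example and not part of the SC Media or CrowdStrike material. The sample process-creation events and file paths are constructed, and the heuristic (an Office application spawning certutil with a decode switch) is an assumption for illustration, not CrowdStrike's published YARA rule.

```python
"""Flag process-creation events where an Office app launches certutil to decode a file.

The macro-to-certutil step in the Daolpu lure is a pattern that can be caught from
endpoint telemetry (Sysmon Event ID 1, EDR process events). Everything below is a
constructed illustration, not real telemetry or indicators of compromise.
"""

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
DECODE_FLAGS = {"-decode", "-decodehex", "/decode", "/decodehex"}

# Constructed Sysmon-style process-creation records (assumed field names).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\certutil.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": r"certutil -decode C:\Users\Public\notes.txt C:\Users\Public\helper.dll"},
    {"Image": r"C:\Windows\System32\certutil.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"certutil -hashfile C:\Temp\installer.msi SHA256"},   # benign admin use
    {"Image": r"C:\Windows\System32\certutil.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": r"certutil -verify C:\Users\Public\cert.cer"},         # Office parent, no decode
]


def basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_office_certutil_decode(event: dict) -> bool:
    """True when an Office process spawns certutil.exe with a decode switch."""
    if basename(event["Image"]) != "certutil.exe":
        return False
    if basename(event["ParentImage"]) not in OFFICE_PARENTS:
        return False
    # Plain whitespace split is enough here; quoted paths with spaces would need
    # a Windows-aware tokenizer in production.
    args = event["CommandLine"].split()
    return any(arg.lower() in DECODE_FLAGS for arg in args)


def triage(events: list) -> list:
    """Return the subset of events matching the heuristic, each tagged with a reason."""
    hits = []
    for ev in events:
        if is_office_certutil_decode(ev):
            hits.append({**ev, "Reason": "Office-spawned certutil decode (Daolpu-style lure)"})
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit["Reason"], "->", hit["CommandLine"])
```

In practice the match should be correlated with the preceding macro-enabled document open and the subsequent DLL load, rather than used as a stand-alone alert.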
