Priya PatelTLDR:
– CrowdStrike warns of a new phishing scam targeting German customers.
– Malicious installers distributed via a fake website impersonating a German entity.
CrowdStrike recently issued a warning about a phishing campaign targeting German customers. The threat actors behind this campaign are using the recent Falcon Sensor update fiasco to distribute dubious installers. The attackers created a fake website impersonating a German entity and distributed an inauthentic CrowdStrike Crash Reporter installer. This installer contained CrowdStrike branding, German localization, and required a password to continue installing the malware. The phishing page featured a link to a ZIP archive file containing a malicious installer, with the malicious code being injected into a JavaScript file to evade detection.
The campaign is highly targeted, with the installer being password-protected and tailored for German-speaking CrowdStrike customers. The threat actor behind this campaign appears to be well-versed in operations security practices, making it difficult to track and attribute the attacks. This new phishing campaign comes in the wake of a series of attacks leveraging the CrowdStrike update issue to distribute malware such as the Remcos RAT and Lumma information stealer. CrowdStrike’s CEO has apologized for the recent IT disruptions caused by the botched update and promised to improve response measures.
Analysis of traffic patterns exhibited by CrowdStrike machines has revealed some interesting data points that warrant further investigation. Despite the setback caused by the recent outage, CrowdStrike remains committed to protecting their customers and disrupting adversaries targeting them. This phishing campaign serves as a reminder of the importance of maintaining cybersecurity hygiene and staying vigilant against evolving threats.
