July 23, 2024 at 10:36AM
CrowdStrike warns of a new Daolpu malware, falsely distributed as a Windows recovery tool after the recent Falcon update struggles. This stealer targets account credentials and browser data from Chrome, Edge, Firefox, and Cốc Cốc. Attackers use malicious document macros to trigger the malware. CrowdStrike advises vigilance against phishing and irregular communications following the update’s wide-reaching impact.
The meeting notes highlight the emergence of a new information-stealing malware called Daolpu, which is being distributed through phishing emails disguised as a Microsoft recovery manual. The malicious document contains macros that, when enabled, download and execute the Daolpu stealer on the compromised device.
Daolpu targets account credentials, browser history, and authentication cookies from various web browsers, primarily Chrome, Edge, Firefox, and Cốc Cốc. The stolen data is temporarily saved to ‘%TMP%\result.txt’ before being sent back to the attackers’ C2 server.
CrowdStrike has issued an advisory about the new malware and provided a YARA rule for detection purposes. They advise customers to follow advice only from their official website or other trusted sources.
The fallout from the CrowdStrike Falcon update includes widespread IT outages and the emergence of various malicious activities by cybercriminals aiming to exploit the chaotic situation. This includes phishing attempts impersonating CrowdStrike representatives and the distribution of malware through various tactics.
For the latest official remediation advice from CrowdStrike and Microsoft’s custom recovery tool for impacted Windows systems, you can monitor the related webpages provided in the meeting notes.
In essence, the meeting notes detailed the impact of the CrowdStrike Falcon update, the emergence of the Daolpu malware, and the increased malicious activities targeting the chaotic situation caused by the update.