Subj : Scammers are flooding the internet with CrowdStrike typosquatting To : All From : TechnologyDaily Date : Wed Jul 24 2024 20:00:05 Scammers are flooding the internet with CrowdStrike typosquatting scams and fake repair manuals Date: Wed, 24 Jul 2024 18:40:17 +0000 Description: Be careful how you fix your CrowdStrike problem - there are many fake solutions out there, experts warn. FULL STORY ====================================================================== Hackers are using the fallout from the recent CrowdStrike incident to target people looking for a fix with malware - and experts have warned some are quite creative in their campaigns, since on the surface it really seems as if theyre helping fix the problem. Crowdstrike says it observed a phishing campaign, in which crooks are sharing a document called New_Recovery_Tool_to_help_with_CrowdStrike_issue_impacting_Windows.docm, BleepingComputer reports. When opened, the document shows a copy of a Microsoft support bulletin that instructs the reader on how to use the new Microsoft Recovery Tool - which should automatically delete the flawed CrowdStrike driver from the Windows PC. Infected with Daolpu However, the document is also laden with macros that ultimately deliver an infostealer. A macro is a feature in Microsoft Office that helps automate repetitive tasks. Throughout the years it was abused to deliver malware to that extent that Microsoft essentially killed the feature. In this instance, however, the crooks are still using macros to install an infostealer called Daolpu. This malware steals account credentials, browser history, and authentication cookies stored in Chrome, Edge, Firefox. It also steals information stored in Cc Cc - a web browser popular in Vietnam, which BleepingComputer argues could point to the threat actors origins, or at least location. CrowdStrike pushed a faulty update that bricked many Windows PCs around the world and forced them into an infinite boot loop. Many major organizations, including banks, airlines, and television stations, were unable to operate as a result. Unsurprisingly to anyone, this event brought cybercriminals out of the woodwork, using it as an opportunity to compromise devices, steal sensitive information, and possibly steal money, too. The US Cybersecurity and Infrastructure Security Agency (CISA) has also warned of an ongoing phishing campaign , telling users to avoid clicking on phishing emails or suspicious links. CISA says it has already observed multiple campaigns in which crooks either impersonated CrowdStrike, or presented themselves as IT pros capable of quickly fixing the problem. In at least one of such emails, the fraudsters asked for money in cryptocurrencies, in exchange for a fix. A separate warning from AnyRun highlighted a malware campaign targeting BBVA bank customers offering a fake CrowdStrike Hotfix update that actually installs the Remcos remote access tool (RAT). More from TechRadar Pro Microsoft believes 8.5 million devices were affected by CrowdStrike update outage Here's a list of the best malware removal tools around today These are the best endpoint security tools right now ====================================================================== Link to news story: https://www.techradar.com/pro/security/scammers-are-flooding-the-internet-with -crowdstrike-typosquatting-scams-and-fake-repair-manuals --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .