Cybercriminals used the chaos caused by CrowdStrike on Friday to spread the Remcos RAT malware

marry 22.07.2024, 12:00 PM

Friday, July 19, will be remembered for technical problems around the world, the largest in recent history, caused by a faulty CrowdStrike Falcon® software update for Windows. Now the company responsible for that global technical chaos warns that cybercriminals are trying to take advantage of the situation by distributing the Remcos RAT malware disguised as an emergency update.

These attempts have been observed so far only in Latin America.

The attack chain starts with a ZIP file called “crowdstrike-hotfix.zip” that contains the Hijack Loader malware (also known as DOILoader or IDAT Loader), which in turn loads the Remcos RAT. The ZIP file also contains “instrucciones.txt”, a set of instructions in Spanish that encourages victims to run the “setup.exe” file to supposedly fix the problem.
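As an added example (not code from the article or from CrowdStrike), a small Python triage routine that flags archives matching the lure pattern described above: a “crowdstrike hotfix” style name, an instruction text file and an executable inside. The sample archives are constructed inline with placeholder contents, not real malware.

```python
import io
import zipfile

# Constructed sample archive mimicking the lure described in the article.
# File names follow the article; contents are harmless placeholders.
def build_lure_zip() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("instrucciones.txt", "Ejecute setup.exe para corregir el problema.")
        zf.writestr("setup.exe", b"MZ" + b"\x00" * 64)  # fake PE header, not a real binary
    return buf.getvalue()

# Constructed benign archive used to show the check does not fire on it.
def build_benign_zip() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.txt", "Quarterly summary.")
    return buf.getvalue()

EXECUTABLE_EXTS = (".exe", ".dll", ".scr", ".bat", ".cmd", ".ps1", ".js", ".vbs", ".msi")
FIX_TOKENS = ("hotfix", "fix", "update", "patch")

def triage_archive(archive_name: str, data: bytes) -> dict:
    """Inspect a ZIP and report indicators of the fake 'emergency fix' lure."""
    lower = archive_name.lower()
    findings = {
        "name_matches_lure": "crowdstrike" in lower and any(t in lower for t in FIX_TOKENS),
        "executables": [],        # entries with an executable extension
        "pe_headers": [],         # executables whose first bytes look like a Windows PE
        "instruction_files": [],  # text files that read like 'instructions'
    }
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename.lower()
            if name.endswith(EXECUTABLE_EXTS):
                findings["executables"].append(info.filename)
                if zf.open(info).read(2) == b"MZ":
                    findings["pe_headers"].append(info.filename)
            elif name.endswith(".txt") and any(k in name for k in ("instruc", "readme", "leeme")):
                findings["instruction_files"].append(info.filename)
    # All three traits together match the chain described in the article.
    findings["suspicious"] = (findings["name_matches_lure"]
                              and bool(findings["executables"])
                              and bool(findings["instruction_files"]))
    return findings
```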

On Friday, CrowdStrike confirmed that a routine Falcon sensor configuration update for Windows devices triggered a logic error that resulted in a blue screen of death (BSoD), rendering numerous systems inoperable. The incident affected customers running Falcon Sensor for Windows version 7.11 and later.

Cybercriminals wasted no time in taking advantage of the chaos caused by the incident: fake CrowdStrike sites appeared offering repair services to affected users, to be paid for in cryptocurrency.

Affected customers are advised to “communicate with CrowdStrike representatives through official channels and follow the technical instructions provided by CrowdStrike’s support teams.”

Microsoft, which is working with CrowdStrike to repair the damage, said technical problems disabled 8.5 million Windows devices globally, or less than one percent of all Windows PCs. Mac and Linux devices were not affected.

The US Cyber Defense Agency, the UK’s National Cyber Security Centre and Australia’s National Anti-Fraud Centre have issued warnings urging users to be cautious, as scams related to this incident are possible. The warnings mention possible phishing emails, calls from fake technical support and fake offers of repair services.

Photo: Anna Tarazevich | Pexels

Source: www.informacija.rs