Wednesday, May 7, 2025

Threat Actors Taking Advantage of CrowdStrike BSOD Bug to Deliver Malware


Threat actors have been found exploiting a recently discovered bug in CrowdStrike’s software that causes a Blue Screen of Death (BSOD) on affected systems.

This vulnerability has given cybercriminals a unique opportunity to spread malware, posing significant risks to users and organizations relying on CrowdStrike for cybersecurity.

The Malicious Lure

Zscaler ThreatLabz, a prominent cybersecurity research group, tweeted that it has identified a sophisticated lure that leverages this BSOD bug.


The lure is a Microsoft Word document ostensibly containing instructions on how to recover from the BSOD issue. However, this document is far from harmless.

It includes a malicious macro that, when enabled by the unsuspecting user, initiates the download of information-stealing malware from a remote server.


The malicious macro connects to the URL hxxp://172.104.160[.]126:8099/payload2.txt to download the malware. This information stealer is designed to evade detection by many antivirus solutions, making it particularly dangerous.

Once installed, the malware begins its nefarious activities, compromising the security and privacy of the affected system.

Data Exfiltration via HTTP POST Requests

The primary function of the downloaded malware is to steal sensitive information from the infected system. This stolen data is then exfiltrated via HTTP POST requests to the IP address 172.104.160[.]126:5000.

Cybercriminals commonly use HTTP POST requests for data exfiltration because outbound POST traffic blends in with ordinary web browsing and is often allowed through perimeter controls without inspection.
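To show how a defender would hunt for the two stages described above (the macro's download from the payload URL and the POST exfiltration to port 5000) in web-proxy logs, here is an added Python example; it is not code from the article or from Zscaler ThreatLabz. The two indicators are the ones quoted in the article; the proxy log layout and the sample log lines are constructed for this example, and the third "other contact" stage generalises beyond the article by flagging any remaining traffic to the same host.

```python
import re
from urllib.parse import urlsplit

# Indicators exactly as quoted in the article, in defanged form.
PAYLOAD_URL_DEFANGED = "hxxp://172.104.160[.]126:8099/payload2.txt"
EXFIL_ENDPOINT_DEFANGED = "172.104.160[.]126:5000"

def refang(ioc: str) -> str:
    """Undo the hxxp / [.] defanging so the indicator can be matched against real logs."""
    return ioc.replace("hxxp", "http").replace("[.]", ".")

PAYLOAD_URL = refang(PAYLOAD_URL_DEFANGED)
EXFIL_HOST, EXFIL_PORT = refang(EXFIL_ENDPOINT_DEFANGED).split(":")
EXFIL_PORT = int(EXFIL_PORT)

# Assumed proxy log layout (constructed for this example, not a real product's format):
#   <timestamp> <client_ip> <method> <url> <status> <bytes_sent>
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) "
                    r"(?P<url>\S+) (?P<status>\d{3}) (?P<bytes>\d+)$")

def scan_proxy_log(lines):
    """Return one finding per log line that matches a stage of the infection chain."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skip it rather than abort the hunt
        url = urlsplit(m["url"])
        if m["url"] == PAYLOAD_URL:
            stage = "payload_download"      # stage 1: the macro fetches the stealer
        elif m["method"] == "POST" and url.hostname == EXFIL_HOST and url.port == EXFIL_PORT:
            stage = "exfiltration"          # stage 2: stolen data leaves via HTTP POST
        elif url.hostname == EXFIL_HOST:
            stage = "other_contact_with_ioc_host"  # same IP, unexpected port/method: still review
        else:
            continue
        findings.append({"stage": stage, "ts": m["ts"], "client": m["client"],
                         "bytes_sent": int(m["bytes"])})
    return findings

# Constructed sample log lines: three events involving the indicator host, one benign line.
SAMPLE_LOG = [
    "2025-05-07T10:02:11Z 10.0.0.15 GET http://172.104.160.126:8099/payload2.txt 200 48211",
    "2025-05-07T10:02:40Z 10.0.0.15 POST http://172.104.160.126:5000/ 200 10240",
    "2025-05-07T10:03:01Z 10.0.0.22 GET https://www.example.com/index.html 200 5120",
    "2025-05-07T10:03:05Z 10.0.0.15 GET http://172.104.160.126:5000/ 404 128",
]

if __name__ == "__main__":
    for finding in scan_proxy_log(SAMPLE_LOG):
        print(finding)
```

Correlating the `client` field across the first two stages (the same host downloads the payload and then POSTs to port 5000 within a short window) is what turns two indicator hits into a confirmed infection rather than a stray connection.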

The specific types of data this malware targets have not been disclosed, but information stealers typically aim to harvest credentials, financial information, personal data, and other valuable assets.

The implications of such data breaches are severe, potentially leading to identity theft, financial loss, and further cyberattacks.

In response to this threat, cybersecurity experts urge users and organizations to exercise extreme caution with unsolicited documents, particularly those claiming to offer solutions to known issues like the CrowdStrike BSOD bug.

It is crucial to disable macros in Microsoft Office documents unless necessary and to verify the authenticity of any recovery instructions through official channels.

CrowdStrike has been notified of this exploitation, and users are advised to stay updated with the company’s latest patches and security advisories.

Additionally, robust endpoint protection and network monitoring can help detect and mitigate such threats.


Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
