Saturday, February 8, 2025
Homecyber securityThreat Actors Taking Advantage of CrowdStrike BSOD Bug to Deliver Malware

Threat Actors Taking Advantage of CrowdStrike BSOD Bug to Deliver Malware

Published on

SIEM as a Service

Follow Us on Google News

Threat actors have been found exploiting a recently discovered bug in CrowdStrike’s software that causes a Blue Screen of Death (BSOD) on affected systems.

This vulnerability has given cybercriminals a unique opportunity to spread malware, posing significant risks to users and organizations relying on CrowdStrike for cybersecurity.

The Malicious Lure

Zscaler ThreatLabz, a prominent cybersecurity research group, tweeted that it has identified a sophisticated lure that leverages this BSOD bug.

The lure is a Microsoft Word document ostensibly containing instructions on how to recover from the BSOD issue. However, this document is far from harmless.

It includes a malicious macro that, when enabled by the unsuspecting user, initiates the download of information-stealing malware from a remote server.

Protect Your Business Emails From Spoofing, Phishing & BEC with AI-Powered Security | Free Demo

The malicious macro connects to the URL hxxp://172.104.160[.]126:8099/payload2.txt to download the malware. This information stealer is designed to evade detection by many antivirus solutions, making it particularly dangerous.

Once installed, the malware begins its nefarious activities, compromising the security and privacy of the affected system.

Data Exfiltration via HTTP POST Requests

The primary function of the downloaded malware is to steal sensitive information from the infected system. This stolen data is then exfiltrated via HTTP POST requests to the IP address 172.104.160[.]126:5000.

Cybercriminals commonly use HTTP POST requests for data exfiltration, as this tactic can often bypass traditional network security measures.

The specific types of data this malware targets have not been disclosed, but information stealers typically aim to harvest credentials, financial information, personal data, and other valuable assets.

The implications of such data breaches are severe, potentially leading to identity theft, financial loss, and further cyberattacks.

In response to this threat, cybersecurity experts urge users and organizations to exercise extreme caution with unsolicited documents, particularly those claiming to offer solutions to known issues like the CrowdStrike BSOD bug.

It is crucial to disable macros in Microsoft Office documents unless necessary and to verify the authenticity of any recovery instructions through official channels.

CrowdStrike has been notified of this exploitation, and users are advised to stay updated with the company’s latest patches and security advisories.

Additionally, robust endpoint protection and network monitoring can help detect and mitigate such threats.

Join our free webinar to learn about combating slow DDoS attacks, a major threat today.

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...

Cybercriminals Target IIS Servers to Spread BadIIS Malware

A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services...

Hackers Leveraging Image & Video Attachments to Deliver Malware

Cybercriminals are increasingly exploiting image and video files to deliver malware, leveraging advanced techniques...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...

Cybercriminals Target IIS Servers to Spread BadIIS Malware

A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services...