Threat Actors Taking Advantage of CrowdStrike BSOD Bug to Deliver Malware

Threat actors have been found exploiting a recently discovered bug in CrowdStrike’s software that causes a Blue Screen of Death (BSOD) on affected systems.

This vulnerability has given cybercriminals a unique opportunity to spread malware, posing significant risks to users and organizations relying on CrowdStrike for cybersecurity.

The Malicious Lure

Zscaler ThreatLabz, a prominent cybersecurity research group, tweeted that it has identified a sophisticated lure that leverages this BSOD bug.

The lure is a Microsoft Word document ostensibly containing instructions on how to recover from the BSOD issue. However, this document is far from harmless.

It includes a malicious macro that, when enabled by the unsuspecting user, initiates the download of information-stealing malware from a remote server.

Protect Your Business Emails From Spoofing, Phishing & BEC with AI-Powered Security | Free Demo

The malicious macro connects to the URL hxxp://172.104.160[.]126:8099/payload2.txt to download the malware. This information stealer is designed to evade detection by many antivirus solutions, making it particularly dangerous.

Once installed, the malware begins its nefarious activities, compromising the security and privacy of the affected system.

Data Exfiltration via HTTP POST Requests

The primary function of the downloaded malware is to steal sensitive information from the infected system. This stolen data is then exfiltrated via HTTP POST requests to the IP address 172.104.160[.]126:5000.

Cybercriminals commonly use HTTP POST requests for data exfiltration, as this tactic can often bypass traditional network security measures.

The specific types of data this malware targets have not been disclosed, but information stealers typically aim to harvest credentials, financial information, personal data, and other valuable assets.

The implications of such data breaches are severe, potentially leading to identity theft, financial loss, and further cyberattacks.

In response to this threat, cybersecurity experts urge users and organizations to exercise extreme caution with unsolicited documents, particularly those claiming to offer solutions to known issues like the CrowdStrike BSOD bug.

It is crucial to disable macros in Microsoft Office documents unless necessary and to verify the authenticity of any recovery instructions through official channels.

CrowdStrike has been notified of this exploitation, and users are advised to stay updated with the company’s latest patches and security advisories.

Additionally, robust endpoint protection and network monitoring can help detect and mitigate such threats.

Join our free webinar to learn about combating slow DDoS attacks, a major threat today.

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Threat Actors Exploit Google Docs And Weebly Services For Malware Attacks

Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting victims…

9 hours ago

Python NodeStealer: Targeting Facebook Business Accounts to Harvest Login Credentials

The Python-based NodeStealer, a sophisticated info-stealer, has evolved to target new information and employ advanced…

9 hours ago

XSS Vulnerability in Bing.com Let Attackers Send Crafted Malicious Requests

A significant XSS vulnerability was recently uncovered in Microsoft’s Bing.com, potentially allowing attackers to execute…

12 hours ago

Meta Removed 2 Million Account Linked to Malicious Activities

 Meta has announced the removal of over 2 million accounts connected to malicious activities, including…

15 hours ago

Veritas Enterprise Vault Vulnerabilities Lets Attackers Execute Arbitrary Code Remotely

Critical security vulnerability has been identified in Veritas Enterprise Vault, a widely-used archiving and content…

16 hours ago

7-Zip RCE Vulnerability Let Attackers Execute Remote Code

A critical security vulnerability has been disclosed in the popular file archiving tool 7-Zip, allowing…

16 hours ago