Threat Actors Taking Advantage of CrowdStrike BSOD Bug to Deliver Malware

Threat actors have been found exploiting a recently discovered bug in CrowdStrike’s software that causes a Blue Screen of Death (BSOD) on affected systems.

This vulnerability has given cybercriminals a unique opportunity to spread malware, posing significant risks to users and organizations relying on CrowdStrike for cybersecurity.

The Malicious Lure

Zscaler ThreatLabz, a prominent cybersecurity research group, tweeted that it has identified a sophisticated lure that leverages this BSOD bug.

The lure is a Microsoft Word document ostensibly containing instructions on how to recover from the BSOD issue. However, this document is far from harmless.

It includes a malicious macro that, when enabled by the unsuspecting user, initiates the download of information-stealing malware from a remote server.

Protect Your Business Emails From Spoofing, Phishing & BEC with AI-Powered Security | Free Demo

The malicious macro connects to the URL hxxp://172.104.160[.]126:8099/payload2.txt to download the malware. This information stealer is designed to evade detection by many antivirus solutions, making it particularly dangerous.

Once installed, the malware begins its nefarious activities, compromising the security and privacy of the affected system.

Data Exfiltration via HTTP POST Requests

The primary function of the downloaded malware is to steal sensitive information from the infected system. This stolen data is then exfiltrated via HTTP POST requests to the IP address 172.104.160[.]126:5000.

Cybercriminals commonly use HTTP POST requests for data exfiltration, as this tactic can often bypass traditional network security measures.

The specific types of data this malware targets have not been disclosed, but information stealers typically aim to harvest credentials, financial information, personal data, and other valuable assets.

The implications of such data breaches are severe, potentially leading to identity theft, financial loss, and further cyberattacks.

In response to this threat, cybersecurity experts urge users and organizations to exercise extreme caution with unsolicited documents, particularly those claiming to offer solutions to known issues like the CrowdStrike BSOD bug.

It is crucial to disable macros in Microsoft Office documents unless necessary and to verify the authenticity of any recovery instructions through official channels.

CrowdStrike has been notified of this exploitation, and users are advised to stay updated with the company’s latest patches and security advisories.

Additionally, robust endpoint protection and network monitoring can help detect and mitigate such threats.

Join our free webinar to learn about combating slow DDoS attacks, a major threat today.

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

ClickFix Exploits GMeet & Zoom Pages to Deliver Sophisticated Malware

A new tactic, "ClickFix," has emerged. It exploits fake Google Meet and Zoom pages to…

18 hours ago

APT36 Hackers Attacking Windows Deevices With ElizaRAT

APT36, a sophisticated threat actor, has been actively targeting Indian entities with advanced malware like…

19 hours ago

Hackers Using AV/EDR Bypass Tool From Cybercrime Forums To Bypass Endpoints

Researchers uncovered two previously unknown endpoints with older Cortex XDR agents that used to test…

19 hours ago

Hackers Created 100+ Fake Web Stores To Steal Millions Of Dollars From Customers

The Phish, 'n' Ships fraud operation leverages, compromised websites to redirect users to fake online…

19 hours ago

Google Patched 40 Security Vulnerabilities Along With Two Zero-Days

Google has released a batch of security updates addressing 40 vulnerabilities, two of which are…

22 hours ago

Threat Actor IntelBroker Claims Leak of Nokia’s Source Code

The threat actor known as IntelBroker, in collaboration with EnergyWeaponUser, has claimed responsibility for a…

24 hours ago