Arab Security Consultants

  • Home
  • Courses
    • EC-Council Programs
    • EC-Council iWeek Courses
    • PECB
      • ISO/IEC 27001 Lead Implementer
      • ISO/IEC 27001 Lead Auditor
    • Cyber Book
  • Organized Events
    • Arab Security Conference
    • Arab Security Cyber WarGames
  • Services
    • CodeRed
    • OhPhish
    • Risk Assessment
    • Social Engineering
    • Identity & Access Security
    • Vulnerability Assessment
    • Penetration Testing
  • Training centers
  • EC-Council with ASC
  • News
  • Contact Us
  • Home
  • News
  • Cybercriminals Exploit CrowdStrike Update Mishap to Distribute Remcos RAT Malware

Cybercriminals Exploit CrowdStrike Update Mishap to Distribute Remcos RAT Malware

Cybercriminals Exploit CrowdStrike Update Mishap to Distribute Remcos RAT Malware

by Ayman Hamam / Sunday, 21 July 2024 / Published in News

Cybersecurity firm CrowdStrike, which is facing the heat for causing worldwide IT disruptions by pushing out a flawed update to Windows devices, is now warning that threat actors are exploiting the situation to distribute Remcos RAT to its customers in Latin America under the guise of a providing a hotfix.

The attack chains involve distributing a ZIP archive file named “crowdstrike-hotfix.zip,” which contains a malware loader named Hijack Loader (aka DOILoader or IDAT Loader) that, in turn, launches the Remcos RAT payload.

Specifically, the archive file also includes a text file (“instrucciones.txt”) with Spanish-language instructions that urge targets to run an executable file (“setup.exe”) to recover from the issue.

“Notably, Spanish filenames and instructions within the ZIP archive indicate this campaign is likely targeting Latin America-based (LATAM) CrowdStrike customers,” the company said, attributing the campaign to a suspected e-crime group.

On Friday, CrowdStrike acknowledged that a routine sensor configuration update pushed to its Falcon platform for Windows devices on July 19 at 04:09 UTC inadvertently triggered a logic error that resulted in a Blue Screen of Death (BSoD), rendering numerous systems inoperable and sending businesses into a tailspin.

The event impacted customers running Falcon sensors for Windows version 7.11 and above, who were online between 04:09 and 05:27 a.m. UTC.

Malicious actors have wasted no time capitalizing on the chaos created by the event to set up typosquatting domains impersonating CrowdStrike and advertise services to companies affected by the issue in return for a cryptocurrency payment.

Impacted customers are recommended to “ensure they are communicating with CrowdStrike representatives through official channels and adhere to technical guidance the CrowdStrike support teams have provided.”

  • Tweet
Tagged under: CrowdStrike, cyberSecurity, IT disruption, Latin America, Malware, mitigation, official support, Remcos RAT, threat actors, Windows devices.

What you can read next

PLAYFULGHOST Delivered via Phishing and SEO Poisoning in Trojanized VPN Apps
FIN7, FIN8, and Others Use Ragnar Loader for Persistent Access and Ransomware Operations
Urgent Chrome update fixes actively exploited zero-day vulnerability

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

  • Home
  • Contact Us
  • Services
  • Training Centers
  • GET SOCIAL

Arab Security Consultants | Copyright © 2023 All rights reserved.

TOP