Security News > 2024 > July > Cybercriminals Exploit CrowdStrike Update Mishap to Distribute Remcos RAT Malware
![Cybercriminals Exploit CrowdStrike Update Mishap to Distribute Remcos RAT Malware](/static/build/img/news/cybercriminals-exploit-crowdstrike-update-mishap-to-distribute-remcos-rat-malware-medium.jpg)
Cybersecurity firm CrowdStrike, which is facing the heat for causing worldwide IT disruptions by pushing out a flawed update to Windows devices, is now warning that threat actors are exploiting the situation to distribute Remcos RAT to its customers in Latin America under the guise of a providing a hotfix.
The attack chains involve distributing a ZIP archive file named "Crowdstrike-hotfix.zip," which contains a malware loader named Hijack Loader that, in turn, launches the Remcos RAT payload. Specifically, the archive file also includes a text file with Spanish-language instructions that urges targets to run an executable file to recover from the issue.
"Notably, Spanish filenames and instructions within the ZIP archive indicate this campaign is likely targeting Latin America-based CrowdStrike customers," the company said, attributing the campaign to a suspected e-crime group.
On Friday, CrowdStrike acknowledged that a routine sensor configuration update pushed to its Falcon platform for Windows devices on July 19 at 04:09 UTC inadvertently triggered a logic error that resulted in a Blue Screen of Death, rendering numerous systems inoperable and sending businesses into a tailspin.
The event impacted customers running Falcon sensor for Windows version 7.11 and above, who were online between 04:09 and 05:27 a.m. UTC. Malicious actors have wasted no time capitalizing on the chaos created by the event to set up typosquatting domains impersonating CrowdStrike and advertise services to companies affected by the issue in return for a cryptocurrency payment.
Customers who are impacted are recommended to "Ensure they are communicating with CrowdStrike representatives through official channels and adhere to technical guidance the CrowdStrike support teams have provided."
News URL
https://thehackernews.com/2024/07/cybercriminals-exploit-crowdstrike.html
Related news
- Fake CrowdStrike updates target companies with malware, data wipers (source)
- Europol identifies 8 cybercriminals tied to malware loader botnets (source)
- Beware: Fake Browser Updates Deliver BitRAT and Lumma Stealer Malware (source)
- Andariel Hackers Target South Korean Institutes with New Dora RAT Malware (source)
- Hackers Exploit Legitimate Packer Software to Spread Malware Undetected (source)
- New Cross-Platform Malware 'Noodle RAT' Targets Windows and Linux Systems (source)
- Cybercriminals Employ PhantomLoader to Distribute SSLoad Malware (source)
- Cybercriminals Exploit Free Software Lures to Deploy Hijack Loader and Vidar Stealer (source)
- Baddies hijack Korean ERP vendor's update systems to spew malware (source)
- DarkGate Malware Exploits Samba File Shares in Short-Lived Campaign (source)