Security News > 2024 > July > Fake CrowdStrike updates target companies with malware, data wipers
Threat actors are exploiting the massive business disruption from CrowdStrike's glitchy update on Friday to target companies with data wipers and remote access tools.
In an update today, CrowdStrike says that it "Is actively assisting customers" impacted by the recent content update that crashed millions of Windows hosts worldwide.
"I encourage everyone to remain vigilant and ensure that you're engaging with official CrowdStrike representatives. Our blog and technical support will continue to be the official channels for the latest updates" - George Kurtz, CrowdStrike CEO. The U.K. National Cyber Security Center also warned that it observed an increase in phishing messages aiming to take advantage of the outage.
Automated malware analysis platform AnyRun noticed "An increase in attempts at impersonating CrowdStrike that can potentially lead to phishing" [1, 2, 3]. Malware cloaked as fixes and updates.
In another warning, AnyRun announced that attackers were also distributing a data wiper under the pretense of delivering an update from CrowdStrike.
The malware analysis platform notes that cybercriminals started to spread other type of malware posing as CrowdStrike updates or bug fixes.