
Beware of fake CrowdStrike domains pumping out Lumma infostealing malware
2024-07-25 22:30

CrowdStrike is the latest lure being used to trick Windows users into downloading and running the notorious Lumma infostealing malware, according to the security shop's threat intel team, which spotted the scam just days after the Falcon sensor update fiasco.

Lumma is a relatively popular stealer that has been in high demand among ransomware crews since 2022.

In the CrowdStrike campaign, the Lumma build timestamp "indicates the actor highly likely built the sample for distribution the day after the single content update for CrowdStrike's Falcon sensor was identified," the security shop noted.

"Based on the shared infrastructure between the campaigns and apparent targeting of corporate networks, CrowdStrike Intelligence assesses with moderate confidence that the activity is likely attributable to the same unnamed threat actor," the CrowdStrike team reports.

The fake CrowdStrike domain attempts to trick users into clicking on and fetching a .zip file purporting to be a recovery tool that fixes the boot loop caused by the bad sensor update.

Just hours after CrowdStrike's dodgy sensor update sent Windows machines into a BSOD spiral, reports surfaced of scam emails using the outage as a lure and claiming to come from CrowdStrike Support or CrowdStrike Security.


News URL

https://go.theregister.com/feed/www.theregister.com/2024/07/25/crowdstrike_lumma_infostealer/