
CrowdStrike Outage Exploited to Spread New Daolpu Infostealer


CrowdStrike has warned organizations about a phony recovery manual, circulated for Windows devices hit by the massive global IT outage caused by a faulty update to its Falcon platform, that is being used to spread the novel Daolpu information-stealing malware, BleepingComputer reports.

According to CrowdStrike, the attackers send phishing emails carrying a malicious Word attachment that reproduces the text of Microsoft's support bulletin on its Recovery Tool for outage-hit devices. The document contains macros which, once enabled, download a DLL file.

That DLL is then decoded with the Windows certutil utility and ultimately used to inject the Daolpu infostealer, which, following process termination, exfiltrates all browser-stored credentials and cookies, CrowdStrike said. The company has also published a YARA rule and indicators of compromise for the attack.
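The chain described above (a macro-enabled Office document followed by certutil decoding a DLL) is the kind of sequence a process-creation log can surface. The Python script below is an added example written for this post; it is not CrowdStrike's YARA rule or its indicators of compromise. The key=value log format, the file paths in the sample lines, the list of Office parent processes and the list of living-off-the-land binaries are all constructed assumptions for illustration.

```python
import re
from dataclasses import dataclass

# Assumed list of Office host processes whose macros spawn child processes.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Assumed list of built-in Windows binaries rarely launched by Office legitimately.
LOLBINS = {"certutil.exe", "cmd.exe", "powershell.exe", "mshta.exe",
           "rundll32.exe", "regsvr32.exe", "wscript.exe", "cscript.exe"}

# certutil switches that turn a text file into a binary payload.
CERTUTIL_DECODE_FLAGS = ("-decode", "-decodehex")


@dataclass
class ProcessEvent:
    parent: str
    image: str
    cmdline: str


def parse_event(line: str) -> ProcessEvent:
    """Parse one constructed key="value" process-creation log line."""
    fields = {k.lower(): v for k, v in re.findall(r'(\w+)="([^"]*)"', line)}
    return ProcessEvent(fields["parentimage"], fields["image"], fields["commandline"])


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect(ev: ProcessEvent) -> list[str]:
    """Return the names of the detection rules the event matches."""
    findings = []
    image = basename(ev.image)
    cmd = ev.cmdline.lower()
    # Rule 1: an Office process (macro) spawning a living-off-the-land binary.
    if basename(ev.parent) in OFFICE_PARENTS and image in LOLBINS:
        findings.append("office_spawned_lolbin")
    # Rule 2: certutil decoding a file whose output path is a DLL.
    if image == "certutil.exe" and any(f in cmd for f in CERTUTIL_DECODE_FLAGS) \
            and re.search(r"\.dll(\s|$)", cmd):
        findings.append("certutil_decode_to_dll")
    return findings


def scan(lines: list[str]) -> list[list[str]]:
    """Run every rule over each log line; one list of findings per line."""
    return [detect(parse_event(line)) for line in lines]


# Constructed sample log lines (paths and file names are made up).
SAMPLE_LOG = [
    r'ParentImage="C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" '
    r'Image="C:\Windows\System32\certutil.exe" '
    r'CommandLine="certutil -decode C:\Users\Public\recovery.txt C:\Users\Public\recovery.dll"',
    r'ParentImage="C:\Windows\explorer.exe" Image="C:\Windows\System32\certutil.exe" '
    r'CommandLine="certutil -verify C:\Temp\cert.cer"',
    r'ParentImage="C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" '
    r'Image="C:\Windows\splwow64.exe" CommandLine="C:\Windows\splwow64.exe 12288"',
    r'ParentImage="C:\Windows\System32\cmd.exe" Image="C:\Windows\System32\certutil.exe" '
    r'CommandLine="certutil -decode payload.b64 C:\ProgramData\x.dll"',
]

if __name__ == "__main__":
    for idx, findings in enumerate(scan(SAMPLE_LOG)):
        status = ", ".join(findings) if findings else "clean"
        print(f"line {idx}: {status}")
```

Both rules firing on the same host within a short window is the stronger signal; the second rule on its own will also catch variants that launch certutil through an intermediate shell, as the fourth sample line shows.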

Further analysis by BleepingComputer suggests Daolpu may have originated in Vietnam, since it targets a browser widely used in that country.