CrowdStrike has warned organizations that a phony recovery manual for Windows devices affected by the massive global IT outage caused by a faulty update to its Falcon platform is being used to spread the novel Daolpu information-stealing malware, BleepingComputer reports.
Attackers are sending phishing emails with a malicious Word attachment that copies the text of Microsoft's support bulletin on its Recovery Tool for outage-hit devices; the document carries macros which, once enabled, download a DLL file, according to CrowdStrike.
That DLL file is then decoded with the Windows certutil utility and ultimately used to inject the Daolpu infostealer, which, after terminating processes, exfiltrates all browser-stored credentials and cookies, according to CrowdStrike, which also published a YARA rule and indicators of compromise for the attack.
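The chain described above (Office macro, then certutil decoding a downloaded payload) leaves a process-creation trail that defenders can match on. The following detection logic is an added example written for this page, not code from CrowdStrike or BleepingComputer, and it does not use the YARA rule or indicators they published. It runs over a handful of constructed process-creation events shaped loosely like Sysmon Event ID 1 records (the `ParentImage`, `Image`, `CommandLine` and `ProcessId` field names are assumptions), flagging certutil invocations that use a decode switch or that are spawned directly by an Office application.

```python
"""Flag the Office-macro -> certutil decode step in process-creation telemetry.

Added example for illustration; field names mimic Sysmon Event ID 1 but are
assumptions, and all sample events below are constructed, not real telemetry.
"""
from typing import Dict, List

# Office hosts that should not normally launch certutil directly.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# certutil switches that turn an encoded text file back into a binary.
# (-decode / -decodehex are real certutil switches; '/' forms are accepted too.)
DECODE_FLAGS = {"-decode", "/decode", "-decodehex", "/decodehex"}


def _basename(path: str) -> str:
    """Return the lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def classify(event: Dict[str, str]) -> List[str]:
    """Return a list of reasons an event is suspicious (empty if benign)."""
    reasons: List[str] = []
    image = _basename(event.get("Image", ""))
    if image != "certutil.exe":
        return reasons

    parent = _basename(event.get("ParentImage", ""))
    # Plain whitespace split: shlex would mangle Windows backslash paths.
    tokens = set(event.get("CommandLine", "").lower().split())

    if DECODE_FLAGS & tokens:
        reasons.append("certutil used to decode a file (living-off-the-land decode step)")
    if parent in OFFICE_PARENTS:
        reasons.append(f"certutil spawned directly by Office process {parent} (macro execution)")
    return reasons


def scan(events: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Run classify() over a batch of events and collect the alerts."""
    alerts: List[Dict[str, object]] = []
    for event in events:
        reasons = classify(event)
        if reasons:
            alerts.append({
                "pid": event.get("ProcessId"),
                "command": event.get("CommandLine"),
                "reasons": reasons,
            })
    return alerts


# Constructed sample telemetry (not real events from any incident).
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {   # Benign admin use: hashing a file from Explorer.
        "ProcessId": "1001",
        "ParentImage": r"C:\Windows\explorer.exe",
        "Image": r"C:\Windows\System32\certutil.exe",
        "CommandLine": r"certutil -hashfile C:\Tools\setup.exe SHA256",
    },
    {   # Macro-driven decode of a downloaded text blob into a DLL.
        "ProcessId": "1002",
        "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
        "Image": r"C:\Windows\System32\certutil.exe",
        "CommandLine": r"certutil -decode C:\Users\user\AppData\Local\Temp\note.txt "
                       r"C:\Users\user\AppData\Local\Temp\note.dll",
    },
    {   # Not certutil at all; ignored by the rule.
        "ProcessId": "1003",
        "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
        "Image": r"C:\Windows\System32\cmd.exe",
        "CommandLine": r"cmd.exe /c whoami",
    },
    {   # Decode from a shell: still worth a look, but no Office parent.
        "ProcessId": "1004",
        "ParentImage": r"C:\Windows\System32\cmd.exe",
        "Image": r"C:\Windows\System32\certutil.exe",
        "CommandLine": r"certutil /decodehex C:\Temp\in.hex C:\Temp\out.bin",
    },
]


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert["pid"], alert["command"])
        for reason in alert["reasons"]:
            print("   -", reason)
```

Tuning note: `-decode` alone is noisy in environments where scripts legitimately unpack base64 material, so the Office-parent condition is the higher-confidence signal; in practice both reasons together on the same event is the pattern worth paging on, and the command line in the alert points straight at the decoded file to collect.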
Further analysis by BleepingComputer suggests that Daolpu may have originated in Vietnam, since it targets a browser widely used in that country.