Cybercriminals Exploit CrowdStrike Update Mishap to Distribute Remcos RAT Malware
CrowdStrike, the cybersecurity company under fire for the defective Falcon sensor update that caused global IT outages on Windows systems, is now warning that threat actors are exploiting the incident to distribute the Remcos RAT to its customers in Latin America under the guise of a hotfix.
The attack chain involves distributing a ZIP archive named “crowdstrike-hotfix.zip” that contains a malicious loader known as HijackLoader (also tracked as DOILoader and IDAT Loader), which in turn launches the Remcos RAT payload.
The archive also contains a text file (“instrucciones.txt”) with instructions in Spanish telling the target to run a program (“setup.exe”) to fix the problem.
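The archive layout described above (an executable the victim is told to run, plus a text file of instructions, inside a brand-themed “hotfix” ZIP) is a shape a mail gateway or sandbox queue can triage before anyone opens it. The following Python routine is an added example written for this page; it is not CrowdStrike's code and contains nothing from the real campaign (no hashes, no loader bytes). The ZIP samples it builds are constructed here to mirror the reported layout: the “setup.exe” stub is just an MZ header plus padding.

```python
import io
import zipfile

# Traits of the lure described above. These are shape-of-lure heuristics, not a
# signature for the real loader or RAT: no hashes or payload bytes appear here.
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".com", ".bat", ".cmd", ".ps1", ".vbs", ".js", ".dll")
PE_MAGIC = b"MZ"
MAX_TEXT_BYTES = 64 * 1024


def triage_zip(archive_name, data):
    """Score an in-memory ZIP against the fake-hotfix lure pattern.

    Returns {"verdict": "suspicious" | "clean", "findings": [reason, ...]}.
    The verdict is "suspicious" when the archive carries an executable *and*
    at least one further lure trait: a brand-themed "fix" archive name, or a
    text file that tells the reader to run that executable.
    """
    executables, texts, findings = [], {}, []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            lower = info.filename.lower()
            with zf.open(info) as fh:
                head = fh.read(2)  # PE files start with "MZ" whatever their name
            if head == PE_MAGIC or lower.endswith(EXECUTABLE_SUFFIXES):
                executables.append(info.filename)
            elif lower.endswith(".txt") and info.file_size <= MAX_TEXT_BYTES:
                with zf.open(info) as fh:
                    texts[info.filename] = fh.read().decode("utf-8", errors="replace").lower()

    name_l = archive_name.lower()
    brand_themed = "crowdstrike" in name_l and "fix" in name_l
    if brand_themed:
        findings.append(f"brand-themed archive name: {archive_name}")
    for exe in executables:
        findings.append(f"executable inside archive: {exe}")
    instructs_run = False
    for txt_name, body in texts.items():
        for exe in executables:
            if exe.lower() in body:
                instructs_run = True
                findings.append(f"{txt_name} tells the reader to run {exe}")
    suspicious = bool(executables) and (brand_themed or instructs_run)
    return {"verdict": "suspicious" if suspicious else "clean", "findings": findings}


def build_sample(entries):
    """Build an in-memory ZIP from {name: bytes}. Used only for the constructed
    samples below; the real lure's payload is not reproduced."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in entries.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed sample mirroring the reported layout: a PE-looking stub named
# setup.exe and a Spanish instruction file ("Run setup.exe to fix the
# CrowdStrike error."). The stub is an MZ header plus padding, not the loader.
LURE_SAMPLE = build_sample({
    "setup.exe": PE_MAGIC + b"\x00" * 62,
    "instrucciones.txt": "Ejecute setup.exe para corregir el error de CrowdStrike.".encode("utf-8"),
})

# Constructed benign sample: text only, nothing to run.
BENIGN_SAMPLE = build_sample({
    "notas.txt": b"Notas de la reunion.",
    "agenda.txt": b"1. Revision de incidentes\n",
})

if __name__ == "__main__":
    for name, blob in (("crowdstrike-hotfix.zip", LURE_SAMPLE), ("notas.zip", BENIGN_SAMPLE)):
        result = triage_zip(name, blob)
        print(name, "->", result["verdict"])
        for reason in result["findings"]:
            print("  -", reason)
```

The check deliberately requires two traits, because a lone `setup.exe` in a ZIP describes most legitimate software downloads; treat a “suspicious” verdict as a reason to detonate or quarantine, not as a conviction, since a vendor readme that mentions its own installer will also match.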

“The Spanish filenames and instructions present in the ZIP archive suggest that this campaign is probably aimed at CrowdStrike customers based in Latin America (LATAM),” the company said, attributing the activity to a suspected e-crime actor.
On Friday, CrowdStrike acknowledged that a routine sensor configuration update pushed to its Falcon platform for Windows hosts on July 19 at 04:09 UTC inadvertently triggered a logic error that crashed the operating system (a blue screen), rendering many systems unusable and causing widespread business disruption.
The incident affected customers running Falcon sensor for Windows version 7.11 and above that were online between 04:09 and 05:27 UTC; hosts that did not download the faulty configuration in that window, and all Mac and Linux hosts, were unaffected.
Threat actors quickly capitalized on the chaos by registering lookalike domains impersonating CrowdStrike and offering remediation services to affected organizations in exchange for cryptocurrency payments.
Affected customers are advised to “ensure they are communicating with CrowdStrike representatives through official channels and adhere to technical guidance the CrowdStrike support teams have provided.” In practice that means treating any unsolicited “hotfix” archive, especially one that asks a user to run an executable, as a phishing attempt rather than a vendor fix.
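The advice to use official channels is easier to enforce if link and sender domains are checked mechanically before a help-desk ticket or an e-mail is acted on. The Python below is an added example for this page, not code from CrowdStrike; it classifies a hostname as the genuine crowdstrike.com, a lookalike, or unrelated. The lookalike hostnames used for illustration are constructed on RFC 2606 reserved TLDs (.example) and are not the domains reported in the campaign; the registrable-domain logic assumes single-label public suffixes, which a real deployment would replace with the Public Suffix List.

```python
import unicodedata

# The genuine domain and brand label everything else is compared against.
OFFICIAL_DOMAIN = "crowdstrike.com"
BRAND = "crowdstrike"


def normalize_host(host):
    """Lower-case, NFKC-fold, and strip a trailing dot and a leading 'www.'."""
    host = unicodedata.normalize("NFKC", host.strip().rstrip(".")).lower()
    return host[4:] if host.startswith("www.") else host


def registrable(host):
    """Last two labels of the host. Assumption: multi-label public suffixes
    (co.uk and the like) are not handled; use the Public Suffix List in production."""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def levenshtein(a, b):
    """Edit distance, used to catch typo-squats such as a dropped or swapped letter."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_domain(host):
    """Return 'official', 'lookalike' or 'unrelated' for a hostname."""
    h = normalize_host(host)
    reg = registrable(h)
    if reg == OFFICIAL_DOMAIN:
        return "official"  # covers real subdomains of crowdstrike.com as well
    sld = reg.split(".")[0]
    if BRAND in sld:  # brand plus a theme word: crowdstrike-fix.example
        return "lookalike"
    if levenshtein(sld, BRAND) <= 2:  # typo-squat: crowdstrlke.example, crowdstirke.example
        return "lookalike"
    if BRAND in h:  # brand parked in a subdomain: crowdstrike.com.evil.example
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed hostnames for illustration only (reserved .example TLD).
    for candidate in (
        "www.crowdstrike.com",
        "falcon.crowdstrike.com.",
        "crowdstrike-fix.example",
        "crowdstrlke.example",
        "crowdstrike.com.evil.example",
        "microsoft.com",
    ):
        print(f"{candidate:32} {classify_domain(candidate)}")
```

Run this over the sender domain of any “support” e-mail and over every link it carries; a “lookalike” result is a stronger signal than the message body, because the lure text is designed to look like vendor guidance while the domain cannot be.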
