After a massive outage affected Windows users worldwide, CrowdStrike warns of a phishing attack using a malicious Crash Reporter to target users in Germany.
CrowdStrike alerted users on its website that it had identified a spear-phishing attack that was distributing a fake CrowdStrike Crash Reporter installer containing malware most likely targeting German users.
The unidentified threat actor impersonated a German entity with a bogus website and used CrowdStrike’s official branding. CrowdStrike underlines that the Crash Reporter software was not developed by the company or distributed through official communication channels.
The company's Counter Adversary Operations team explains that after the user clicks the Download button, the website uses JavaScript disguised as jQuery v3.7.1 to download and decode the installer. The installer features CrowdStrike branding and German localization and requires a password to proceed with the malware installation.
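For defenders reviewing scripts served by a suspicious page, the sketch below (an added example, not CrowdStrike's code or tooling) checks a file that presents itself as jQuery against the hash of a copy you vendored yourself and lists decode-and-download markers for triage. The function names, the `pinnedSha256` parameter, the indicator patterns and both sample strings are assumptions constructed for illustration; the article does not say how the script performs its decoding.

```javascript
// Added example: triage a script that carries a jQuery banner.
const crypto = require("crypto");

// Assumed heuristics: tokens commonly seen when a script decodes an embedded
// payload and offers it as a download. They guide triage, not the verdict.
const INDICATORS = [
  { name: "long-base64-literal", re: /["'`][A-Za-z0-9+/]{512,}={0,2}["'`]/ },
  { name: "base64-decode-call", re: /\batob\s*\(/ },
  { name: "blob-construction", re: /\bnew\s+Blob\s*\(/ },
  { name: "object-url", re: /\bcreateObjectURL\s*\(/ },
];

function sha256Hex(text) {
  return crypto.createHash("sha256").update(text, "utf8").digest("hex");
}

// pinnedSha256 (hypothetical parameter): SHA-256 of the library file you
// obtained and vendored yourself for the version the banner claims.
function inspectClaimedJquery(source, pinnedSha256) {
  // Only the top of the file is searched, where the library banner lives.
  const banner = /jQuery (?:JavaScript Library )?v(\d+\.\d+\.\d+)/.exec(
    source.slice(0, 300)
  );
  const claimedVersion = banner ? banner[1] : null;
  const hashMatches = sha256Hex(source) === pinnedSha256.toLowerCase();
  const indicators = INDICATORS.filter((i) => i.re.test(source)).map(
    (i) => i.name
  );
  // A file that claims to be the library but differs from the pinned copy
  // is the masquerade case, whatever the indicator list says.
  const suspicious = claimedVersion !== null && !hashMatches;
  return { claimedVersion, hashMatches, indicators, suspicious };
}

// Constructed samples: a stand-in for the vendored file, and a harmless
// fragment that carries the same banner plus the markers above.
const GENUINE =
  "/*! jQuery v3.7.1 | constructed stand-in for the vendored file */\n" +
  "(function(){})();\n";
const IMPOSTER =
  "/*! jQuery v3.7.1 | constructed sample */\n" +
  'var p = "' + "QUJD".repeat(200) + '";\n' +
  "var b = atob(p); var u = URL.createObjectURL(new Blob([b]));\n";

console.log(inspectClaimedJquery(IMPOSTER, sha256Hex(GENUINE)));
```

The hash comparison is the decisive check; the indicator list only tells an analyst where to look first in a file that failed it.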
The imposter website is said to have been created on July 20th, 2024, a day after the Falcon Sensor update crashed Windows around the globe.
The outage has affected numerous businesses and 8.5 million Windows systems worldwide, causing delays and cancelations of up to 800 flights and interrupting financial transactions and medical procedures.
According to the company, the widespread outage on July 19th was caused by a single defect in a recent update to CrowdStrike Falcon Sensor, the company’s endpoint management system. The update caused Windows systems to crash and show the infamous ‘Blue Screen of Death.’
The failed Falcon Sensor update has affected all customers with Microsoft Windows hosts, impacting Windows 10 and later systems.
While most of the systems are back online, insurance industry analysts are tallying up the cost of company losses from last week's CrowdStrike outage, with a price tag ranging from less than half a million to over 1 billion dollars.