Daolpu: New Malware Exploits CrowdStrike Falcon Update Chaos

Following the recent events with the CrowdStrike Falcon update, a new threat has surfaced: cybercriminals are taking advantage of the confusion to distribute an information-stealing malware called Daolpu, disguised as a fix for the outage.

Disguised as a recovery manual that claims to fix the update issues, this malware poses a serious risk to users globally. For a deep dive into the Falcon update and its aftermath, check out the full article here.

Here's what you need to know to protect your systems and data from this new possible fallout.


Spotting the Fake Recovery Manual


The campaign is run through phishing emails that pose as instructions for a recovery tool designed to repair Windows devices affected by the recent CrowdStrike Falcon crashes.


According to CrowdStrike, the attackers are distributing a Word document named 'New_Recovery_Tool_to_help_with_CrowdStrike_issue_impacting_Windows.docm'. The .docm extension matters: it marks a macro-enabled document, which a genuine support bulletin would have no reason to be.

When opened, the document displays a copy of a Microsoft support bulletin with instructions for using the new Microsoft Recovery Tool, which is meant to automatically remove the faulty CrowdStrike driver from the Windows PC.

Malicious document promoting new Windows recovery tool

How Daolpu Works

In reality, the document contains macros that, when enabled, download a base64-encoded DLL from an external server and drop it to '%TMP%\mscorsvc.dll'.

The macros then use the built-in Windows certutil utility to decode the base64-encoded DLL, which is executed to launch the Daolpu stealer on the compromised device. Daolpu terminates all running Chrome processes (so that the browser's locked credential and cookie databases can be read) and then attempts to collect login data and cookies saved in Chrome, Edge, Firefox and other Chromium-based browsers.

Reports confirm that it also targets Cốc Cốc, a web browser used primarily in Vietnam, possibly hinting at the malware's origin.

The stolen data is temporarily saved to '%TMP%\result.txt' and deleted once it has been sent to the attackers' C2 server at 'http[:]//172.104.160[.]126:5000/Uploadss'.

Malicious macros to install Daolpu stealer

Protective Measures


No dedicated removal guide for Daolpu is widely available yet. However, some general protective measures include:

  1. Only interact with CrowdStrike representatives through their official communication channels and follow their published technical guidance; CrowdStrike does not distribute fixes as macro-enabled Word documents.
  2. Check the domain and TLS certificate of any website from which you download software to ensure it is legitimate.
  3. Train users not to open files from unknown or untrusted sources, and in particular not to click "Enable Content" on a document that arrived by email.
  4. Adjust your browser settings to enable download protection that warns about potentially harmful websites or files.
  5. Search the %TMP% directory for result.txt and mscorsvc.dll, as their presence may indicate a Daolpu infection. Note that result.txt is deleted after the data is exfiltrated, so its absence does not clear a host; also review process logs for certutil being used to decode a file and check for connections to the C2 address above.
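The infection chain described under "How Daolpu Works" and the file check in item 5 can be turned into a single host triage script. The following PowerShell is an added example written for this page, not code from the article or from CrowdStrike. It assumes it is run in an elevated session on the suspected host, that Sysmon (Event ID 1) may or may not be installed, and that Security Event ID 4688 only carries the command line if command-line auditing is enabled; the file names, document name and C2 address are the ones reported above.

```powershell
# Added example: triage a Windows host for the Daolpu indicators reported in the article.
# Assumptions: elevated session; Sysmon may be absent (Security 4688 is used as a fallback).

$tmp      = $env:TEMP
$iocFiles = @("$tmp\mscorsvc.dll", "$tmp\result.txt")      # dropped DLL and staging file
$c2Ip     = '172.104.160.126'                               # reported C2 address
$c2Port   = 5000
$docName  = 'New_Recovery_Tool_to_help_with_CrowdStrike_issue_impacting_Windows.docm'

$findings = New-Object System.Collections.Generic.List[string]

# 1. Dropped artefacts in %TMP%. result.txt is deleted after exfiltration, so an
#    empty result here does not clear the host.
foreach ($path in $iocFiles) {
    if (Test-Path -LiteralPath $path) {
        $item = Get-Item -LiteralPath $path
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $findings.Add("File present: $path (size $($item.Length) bytes, SHA256 $hash, modified $($item.LastWriteTime))")
    }
}

# 2. The lure document anywhere under the user profile (Downloads, Outlook temp folders, etc.)
Get-ChildItem -Path $env:USERPROFILE -Recurse -Filter $docName -ErrorAction SilentlyContinue |
    ForEach-Object { $findings.Add("Lure document found: $($_.FullName)") }

# 3. certutil used to decode the base64 blob into the DLL.
#    Prefer Sysmon process-creation events; fall back to Security 4688.
$decodePattern = 'certutil.*-decode.*mscorsvc\.dll'
$sysmonLog = 'Microsoft-Windows-Sysmon/Operational'
if (Get-WinEvent -ListLog $sysmonLog -ErrorAction SilentlyContinue) {
    Get-WinEvent -FilterHashtable @{ LogName = $sysmonLog; Id = 1 } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match $decodePattern } |
        ForEach-Object { $findings.Add("Sysmon: certutil decode of mscorsvc.dll at $($_.TimeCreated)") }
}
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688 } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match $decodePattern } |
    ForEach-Object { $findings.Add("Security 4688: certutil decode of mscorsvc.dll at $($_.TimeCreated)") }

# 4. Live TCP connection to the C2 endpoint.
Get-NetTCPConnection -ErrorAction SilentlyContinue |
    Where-Object { $_.RemoteAddress -eq $c2Ip -and $_.RemotePort -eq $c2Port } |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        $findings.Add("Connection to C2 ${c2Ip}:${c2Port} from PID $($_.OwningProcess) ($($proc.ProcessName)) state $($_.State)")
    }

if ($findings.Count -eq 0) {
    Write-Output 'No Daolpu indicators found on this host (absence of result.txt alone is not conclusive).'
} else {
    Write-Output 'Possible Daolpu infection. Isolate the host and review:'
    $findings | ForEach-Object { Write-Output " - $_" }
}
```

If any indicator matches, treat every browser credential and session cookie on the host as compromised: the stealer targets saved logins and cookies, so resetting passwords and invalidating active sessions matters more than deleting the dropped files.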


Daolpu is just the latest addition in a series of cyberattacks exploiting the chaos from the recent CrowdStrike Falcon update.

Alongside Daolpu, other malicious activity has emerged, including data wipers from the pro-Iranian hacktivist group 'Handala' and a HijackLoader campaign that delivers the Remcos RAT disguised as a CrowdStrike hotfix.


To stay ahead of emerging threats, look no further than RobustIT. Explore cybersecurity courses and solutions at RobustIT Training and Cyber Webinar.
