CrowdStrike identified a spear-phishing attempt distributing a bogus CrowdStrike Crash Reporter installer targeting German users after a Falcon Sensor update crisis.
The fraudulent website uses JavaScript posing as JQuery to deobfuscate the installer, which includes CrowdStrike branding, German text, and a required password for malware installation.
The campaign is sophisticated with a password-protected installer aimed at specific entities, utilizing German language to target CrowdStrike customers, and employing anti-forensic techniques.
The threat actor's actions demonstrate a keen understanding of operational security (OPSEC) practices, focusing on evading detection and maintaining anonymity during the attack.
[
Collection
]
[
|
...
]