CrowdStrike is warning of a new malware campaign that uses the recent faulty Falcon update, and the widespread IT outages it caused, as a lure. Cybercriminals are distributing the Daolpu information-stealing malware through phishing emails disguised as recovery instructions. The attached document mimics a Microsoft recovery manual but carries macros that, when the recipient allows them to run, download and execute the malware on the system. Once active, Daolpu harvests account credentials, browser history, and cookies from popular web browsers, putting both the affected machine and every account whose session it captures at risk.
The malware targets Chrome, Edge, Firefox, and Cốc Cốc, collecting the sensitive data those browsers store and sending it to a remote server controlled by the attackers. CrowdStrike stresses that organizations should verify any communication about the outage and follow recovery instructions only from trusted, official channels; a macro-enabled document that promises a fix deserves particular suspicion. As cybercriminals continue to exploit the situation, defenders should remain vigilant and apply the recommended detection measures, including the YARA rule CrowdStrike has published to identify artifacts of this attack.
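The lure described above is a macro-enabled Office document dressed up as a recovery manual. The following Python is an added triage example, not code from CrowdStrike and not its YARA rule: it opens an attachment as an OOXML package, checks for the VBA project part and the macro-enabled content type, and notes whether the visible text mentions the outage. The lure keywords and the two constructed sample documents are assumptions made for the example; they are not indicators published by CrowdStrike.

```python
import io
import zipfile

# Parts that exist only in a macro-enabled OOXML document. word/vbaProject.bin
# is the generic tell for VBA inside a .docm; the content type is a second,
# independent check that survives a renamed extension.
VBA_PART = "word/vbaProject.bin"
MACRO_CONTENT_TYPE = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_CONTENT_TYPE = (
    "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
)
# Words a fake "recovery manual" would plausibly contain. Assumed for this
# example only; not indicators from CrowdStrike's advisory.
LURE_KEYWORDS = (b"crowdstrike", b"falcon", b"recovery", b"bsod")


def triage_office_attachment(data: bytes) -> dict:
    """Return a small verdict for an attachment supplied as raw bytes."""
    verdict = {"is_ooxml": False, "has_vba": False, "macro_content_type": False,
               "lure_keywords": [], "suspicious": False}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return verdict  # not a zip container, so not an OOXML document
    names = set(zf.namelist())
    verdict["is_ooxml"] = "[Content_Types].xml" in names
    if not verdict["is_ooxml"]:
        return verdict
    verdict["has_vba"] = VBA_PART in names
    verdict["macro_content_type"] = MACRO_CONTENT_TYPE.encode() in zf.read("[Content_Types].xml")
    body = zf.read("word/document.xml").lower() if "word/document.xml" in names else b""
    verdict["lure_keywords"] = [k.decode() for k in LURE_KEYWORDS if k in body]
    # Macros alone are enough to flag; the keyword list tells the analyst
    # whether the document also reads like the outage-themed lure.
    verdict["suspicious"] = verdict["has_vba"] or verdict["macro_content_type"]
    return verdict


def build_sample_doc(body_text: str, with_macro: bool) -> bytes:
    """Constructed stand-in for a .docx/.docm containing only the parts triage reads."""
    main_ct = MACRO_CONTENT_TYPE if with_macro else PLAIN_CONTENT_TYPE
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/word/document.xml" ContentType="{main_ct}"/>'
        "</Types>"
    )
    document = (
        "<w:document><w:body><w:p><w:r>"
        f"<w:t>{body_text}</w:t>"
        "</w:r></w:p></w:body></w:document>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", document)
        if with_macro:
            # A real VBA project is an OLE compound file; an opaque blob is
            # enough here because triage only checks that the part exists.
            zf.writestr(VBA_PART, b"\xd0\xcf\x11\xe0placeholder-vba-project")
    return buf.getvalue()


if __name__ == "__main__":
    lure = build_sample_doc("CrowdStrike Falcon recovery steps: enable content to view", True)
    benign = build_sample_doc("Quarterly sales report", False)
    for label, doc in (("lure", lure), ("benign", benign)):
        print(label, triage_office_attachment(doc))
```

The check is deliberately structural: it reads the package parts rather than executing anything, so it is safe to run over quarantined mail attachments, and a file renamed from .docm to .docx still trips the content-type test.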