Malicious Inauthentic Falcon Crash Reporter Installer Distributed to German Entity
released on 2024-07-31 @ 10:47:19 AM
On July 24, 2024, CrowdStrike Intelligence identified an unattributed spearphishing attempt delivering an inauthentic installer impersonating CrowdStrike's Crash Reporter through a website targeting a German entity. The site utilized JavaScript obfuscation to deliver the malicious installer, which contained CrowdStrike branding, German localization, and a password requirement. The actor employed anti-forensic techniques like subdomain registration and timestomping, indicating targeted, operational security-conscious behavior.