
Malicious Inauthentic Falcon Crash Reporter Installer Distributed to German Entity via Spearphishing Website

Blog post from CrowdStrike

Post Details
Company
Date Published
Author
CrowdStrike
Word Count
2,285
Language
English
Summary

CrowdStrike Intelligence identified a targeted spearphishing campaign in July 2024 that delivered a malicious InnoSetup installer disguised as a CrowdStrike Crash Reporter via a website impersonating a German entity. This campaign exploited a vulnerability in CrowdStrike's Falcon sensor update affecting Windows systems and used sophisticated anti-forensic techniques, including timestomping and obfuscation, to evade detection. The spearphishing page, which required a password likely known only to specific targets, used German-language prompts and incorporated CrowdStrike branding, suggesting a focus on German-speaking customers. CrowdStrike recommends only using updates from official channels, verifying website certificates, and training users to avoid untrusted file executions to mitigate such threats.