The Scam Strikes Back: Exploiting the CrowdStrike Outage
ID: 942aad39-72c4-51f5-b456-a6833b0d2b87
STIX ID: report--942aad39-72c4-51f5-b456-a6833b0d2b87
Feed Name: McAfee Labs Blog
Following a CrowdStrike Falcon outage, attackers and scammers rapidly deployed multiple malicious campaigns impersonating CrowdStrike remediation tools: a document-macro stealer (downloads via curl/certutil, infostealer DLL), PDF-delivered wipers, and Remcos RAT delivered through zip/Hijack Loader. Numerous spoofed domains and cryptocurrency wallets were registered and active. The report includes infection chains, sample malware hashes, and a large list of malicious or suspicious domains; it advises consumer vigilance and points enterprises to CrowdStrike’s official remediation guidance.
