"These lures effectively reached enterprise users who rely on search engines to locate software updates," Cyber Press warns. The (now revoked) certificates give "a false sense of legitimacy, making the malicious installers appear safe to download and execute." CyberProof says "since there has been some ties with human operated ransomware groups, we strongly believe and predict this threat cluster will continue to be active through 2026."
"This is just the latest alert that should convince users to avoid installs and updates from anywhere other than official app stores or in-app update links. There was a similar Oyster warning in September, with Blackpoint's SOC "tracking a new campaign where threat actors are abusing SEO poisoning and malvertising to lure users into downloading a fake Microsoft Teams installer. Victims searching for Teams online are redirected to rogue ads and fraudulent download pages.""
Attackers are distributing the Oyster backdoor by luring users to download malicious installers masquerading as Microsoft Teams, Google Meet, PuTTY, WinSCP and other IT tools. SEO poisoning and malvertising redirect users searching for legitimate software to fraudulent download pages and rogue ads. Some malicious installers have used (now revoked) certificates to create a false sense of legitimacy and appear safe to execute. Oyster is modular and multistage, provides persistent remote access, and has ties to human-operated ransomware groups. Users should only install or update software from official app stores or in-app update mechanisms.
Read at Forbes
Unable to calculate read time
Collection
[
|
...
]