Cybercriminals are using search engine advertisements and SEO poisoning to distribute a fake Microsoft Teams installer that installs the Oyster backdoor on Windows systems. This malware, also known as Broomstick, provides remote access to infected devices, allowing attackers to run commands and deploy additional payloads. The fraudulent website, designed to look like the official Teams download page, prompts users to download a malicious file named "MSTeamsSetup.exe."
This file is deceptively signed with certificates from seemingly legitimate companies to appear authentic. Once executed, the installer drops a harmful DLL into the user's AppData folder and creates a scheduled task to run it every 11 minutes, ensuring persistence. This campaign mirrors previous attacks that used fake installers for popular software like PuTTY and Google Chrome to breach corporate networks.
The tactic exploits user trust in search results and well-known brands to gain an initial foothold. IT administrators are strongly advised to download software only from official, verified sources and to exercise caution with search engine ads to prevent such compromises.
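The persistence described above (a DLL in the user's AppData folder, launched by a scheduled task every 11 minutes) can be hunted for in exported Task Scheduler XML. The following is an added example, not part of the original article; the function names, the 60-minute threshold, and the sample task (including its command line and file names) are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# A DLL path under a user's AppData folder, written literally or via an environment variable
APPDATA_DLL = re.compile(r"(\\appdata\\|%(local)?appdata%)[^\"]*\.dll\b", re.I)
DURATION = re.compile(r"^P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$")

def interval_minutes(iso):
    """Convert a Task Scheduler repetition interval such as PT11M to minutes."""
    m = DURATION.match(iso.strip())
    if not m:
        return None
    days, hours, minutes, seconds = (int(x) if x else 0 for x in m.groups())
    return days * 1440 + hours * 60 + minutes + seconds / 60

def suspicious(task_xml, max_minutes=60):
    """Return (command line, interval) for frequently repeating tasks that reference an AppData DLL."""
    root = ET.fromstring(task_xml)
    intervals = [interval_minutes(e.text or "")
                 for e in root.iterfind(".//t:Repetition/t:Interval", NS)]
    short = [i for i in intervals if i is not None and i <= max_minutes]
    hits = []
    for ex in root.iterfind(".//t:Actions/t:Exec", NS):
        parts = (ex.findtext("t:Command", "", NS), ex.findtext("t:Arguments", "", NS))
        cmd = " ".join(p.strip() for p in parts if p)
        if short and APPDATA_DLL.search(cmd):
            hits.append((cmd, min(short)))
    return hits

# Constructed sample task definition (not taken from the campaign)
SAMPLE = r"""<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><TimeTrigger><Repetition><Interval>PT11M</Interval></Repetition></TimeTrigger></Triggers>
  <Actions><Exec>
    <Command>C:\Windows\System32\rundll32.exe</Command>
    <Arguments>C:\Users\alice\AppData\Roaming\Example\placeholder.dll,Entry</Arguments>
  </Exec></Actions>
</Task>"""

if __name__ == "__main__":
    for cmd, mins in suspicious(SAMPLE):
        print(f"every {mins:g} min: {cmd}")
```

Task definitions can be exported per host with `schtasks /query /xml` and passed to `suspicious()` one task at a time; hits are leads to triage, since some legitimate software also schedules frequent tasks from AppData.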
