Cybercriminals are actively distributing malware disguised as popular office tools like Microsoft Teams and Google Meet, primarily targeting individuals in the financial sector. This sophisticated campaign, which has been ongoing since at least mid-November 2025, employs tactics such as SEO poisoning and malvertising to deceive users into downloading malicious software, as reported by HackRead.The attack chain begins by directing victims to malicious websites, often appearing at the top of search results due to SEO poisoning. Users are then tricked into downloading the Oyster backdoor, also known as Broomstick and CleanUpLoader. Attackers are continuously evolving their methods, previously using ads impersonating tools like PuTTY and WinSCP. The current wave leverages fake download pages for communication tools, with fake installers sometimes code-signed to appear legitimate, though many of these certificates have since been revoked. Once executed, the malware drops a malicious file and establishes persistence through a scheduled task, ensuring the backdoor remains active.The Oyster backdoor poses a significant threat, creating a hidden entry point for attackers and has been linked to ransomware groups like Rhysida, impacting corporate networks. Cybersecurity experts predict this threat cluster will remain active through 2026. To mitigate risks, users should always download software directly from official developer websites or trusted app stores and exercise caution with search result ads for downloads.Source: HackRead
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds




