A new malvertising campaign is using malicious installers for Microsoft Teams, Google Chrome, and other widely used software to deliver the Oyster backdoor, also known as Broomstick, The Hacker News reports.
Targets were lured to legitimate-looking fraudulent websites to download a setup binary that deploys the Oyster malware directly, a change from the previous use of a dedicated loader for the payload, according to an analysis from Rapid7.
Aside from executing the malware, which has host data exfiltration, command-and-control communication, and remote code execution capabilities, the attacks also installed legitimate Microsoft Teams software to evade detection and a PowerShell script to ensure persistence, researchers said. The findings follow a Symantec report detailing a Rogue Raticate phishing campaign that uses malicious PDFs to deliver NetSupport RAT, as well as another report from EclecticIQ on the new ONNX Store phishing-as-a-service platform, which uses pages spoofing the Microsoft 365 login interface.