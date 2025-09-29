Windows devices are being compromised with the Oyster backdoor through bogus Microsoft Teams installers spread in a new malvertising and SEO poisoning campaign, reports BleepingComputer

Attackers have laced search results for "Teams download" with a nefarious entry redirecting to the spoofed Teams download site 'teams-install[.]top', findings from Blackpoint SOC revealed. Downloading and executing the "MSTeamsSetup.exe" file from the site would prompt the deployment of a nefarious DLL that ensures persistence and installs the Oyster malware, which is also known as CleanUpLoader and Broomstick.

Such a development comes two years after the initial emergence of Oyster malware, which has since been used to enable command execution and further payload delivery.

"This activity highlights the continued abuse of SEO poisoning and malicious advertisements to deliver commodity backdoors under the guise of trusted software. Much like the fake PuTTY campaigns observed earlier this year, threat actors are exploiting user trust in search results and well-known brands to gain initial access," said Blackpoint researchers.