2025-07-29
Trojanized IT utilities leveraged to spread Oyster backdoor
Widely used IT utilities, including PuTTY and WinSCP, have been repeatedly trojanized to distribute the Oyster backdoor in an SEO poisoning campaign first detected last month, according to GBHackers News.
Attacks this month began with a lure that led victims to download a malicious PuTTY build signed with a revoked certificate; the installer executed a DLL payload through rundll32.exe and established persistence with a scheduled task named "FireFox Agent INC", according to a report from the CyberProof Research Team that detailed how the backdoor was thwarted. A revoked signing certificate does not by itself stop the binary from running, and the file still appears signed on a cursory inspection; only a signature check that also evaluates revocation status exposes it. The findings follow the campaign's discovery by Arctic Wolf researchers in early June. Organizations have been advised to step up threat hunting, to require that tools be obtained by navigating directly to vendors' sites or from internal repositories rather than through search results or ads, and to adopt domain blocking and indicator-based hunting queries, so that an SEO poisoning or malvertising lure does not turn into a data breach or ransomware intrusion.
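The hunting logic below is an added example, not code from the article or from the CyberProof or Arctic Wolf reports. It runs the indicators the report names (the "FireFox Agent INC" scheduled task, rundll32.exe loading a DLL payload, PuTTY or WinSCP binaries whose signature does not verify) over constructed endpoint events. The event schema, the user-writable-path heuristic and the `signature` verdict field are assumptions standing in for whatever fields a given EDR or SIEM actually exposes, and the task rule generalizes slightly beyond the article by flagging any scheduled task whose action is rundll32.exe, not only the named one.

```python
"""Added hunting example: match constructed endpoint telemetry against Oyster indicators."""
import re

# Indicators named in the article.
SUSPICIOUS_TASK_NAMES = {"firefox agent inc"}
TROJANIZED_UTILITIES = {"putty.exe", "winscp.exe"}

# Assumed heuristic (not from the article): a DLL that rundll32.exe loads out of a
# user-writable directory deserves a look; the system DLLs rundll32 normally loads do not.
USER_WRITABLE_DIR = re.compile(r"^c:\\users\\[^\\]+\\(downloads|appdata|desktop)\\", re.I)
DLL_ARG = re.compile(r'(?P<dll>[a-z]:\\[^\s,"]+\.dll)', re.I)


def _basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def check_rundll32(ev):
    """Process-creation event: rundll32.exe loading a DLL from a user-writable path."""
    if _basename(ev.get("image", "")) != "rundll32.exe":
        return None
    m = DLL_ARG.search(ev.get("command_line", ""))
    if m and USER_WRITABLE_DIR.match(m.group("dll")):
        return f"rundll32 loading DLL from user-writable path: {m.group('dll')}"
    return None


def check_task(ev):
    """Task-creation event: the task name from the report, or any task whose action is rundll32."""
    name = ev.get("task_name", "").strip().lower()
    if name in SUSPICIOUS_TASK_NAMES:
        return f"scheduled task name matches known Oyster indicator: {ev.get('task_name')!r}"
    if _basename(ev.get("action", "")) == "rundll32.exe":
        return f"scheduled task {ev.get('task_name')!r} runs rundll32.exe"
    return None


def check_signature(ev):
    """Process-creation event for a utility the campaign trojanizes whose signature is not valid.
    'signature' is an assumed field carrying the sensor's verdict (valid / revoked / unsigned / ...)."""
    image = _basename(ev.get("image", ""))
    verdict = ev.get("signature", "unknown")
    if image in TROJANIZED_UTILITIES and verdict != "valid":
        return f"{image} with signature status {verdict!r}"
    return None


# Which rules apply to which event type (assumed event schema).
RULES_BY_TYPE = {
    "task_create": [check_task],
    "process_create": [check_rundll32, check_signature],
}


def hunt(events):
    """Run every applicable rule over every event; return (rule name, detail, host) triples."""
    findings = []
    for ev in events:
        for rule in RULES_BY_TYPE.get(ev.get("type"), []):
            detail = rule(ev)
            if detail:
                findings.append((rule.__name__, detail, ev.get("host")))
    return findings


# Constructed sample telemetry: three records that should fire and two benign ones.
SAMPLE_EVENTS = [
    {"type": "process_create", "host": "ws01",
     "image": r"C:\Users\alice\Downloads\putty.exe", "signature": "revoked"},
    {"type": "process_create", "host": "ws01",
     "image": r"C:\Windows\System32\rundll32.exe",
     "command_line": r"rundll32.exe C:\Users\alice\AppData\Roaming\update.dll,Start"},
    {"type": "task_create", "host": "ws01",
     "task_name": "FireFox Agent INC", "action": r"C:\Windows\System32\rundll32.exe"},
    {"type": "process_create", "host": "ws02",
     "image": r"C:\Program Files\PuTTY\putty.exe", "signature": "valid"},
    {"type": "process_create", "host": "ws02",
     "image": r"C:\Windows\System32\rundll32.exe",
     "command_line": r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"},
]

if __name__ == "__main__":
    for rule, detail, host in hunt(SAMPLE_EVENTS):
        print(f"[{host}] {rule}: {detail}")
```

Each rule is deliberately narrow and returns a human-readable reason, so a hit can be triaged without re-reading the event; the benign rundll32 invocation of a System32 DLL and the validly signed PuTTY on ws02 produce nothing.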
