Network Security

Malvertising campaign deploys Oyster backdoor via trojanized software installers

Share
The New York Daily News website and Metacafe website were among the sites serving malvertisements, according to Malwarebytes researchers. Read more

Attacks using malicious installers for Microsoft Teams, Google Chrome, and other widely used software have been launched to facilitate the delivery of the Oyster backdoor, also known as Broomstick, as part of a new malvertising campaign, The Hacker News reports.

Intrusions involved luring targets to download a setup binary from legitimate-looking fraudulent websites that directly deploys the Oyster malware, marking a change from the previous usage of a dedicated loader for the payload, according to an analysis from Rapid7.

Aside from executing the malware with host data exfiltration, command-and-control communication, and remote code execution capabilities, attacks also entailed the installation of legitimate Microsoft Teams software and a PowerShell script to evade detection and ensure persistence, respectively, researchers said. Such findings follow a report by Symantec detailing a Rogue Raticate phishing campaign involving the utilization of malicious PDFs for NetSupport RAT delivery, as well as another EclecticIQ report regarding the new ONNX Store phishing-as-a-service platform that uses Microsoft 365 login interface-spoofing pages.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.