Researchers from Rapid7 recently uncovered a sophisticated malvertising campaign that exploits unsuspecting users searching for popular software downloads. This campaign specifically targets users seeking legitimate applications like Google Chrome and Microsoft Teams, leveraging fake software installers to distribute the Oyster backdoor, also known as Broomstick.
“Rapid7 observed that the websites were masquerading as Microsoft Teams websites, enticing users into believing they were downloading legitimate software when, in reality, they were downloading the threat actor’s malicious software,” said the report.
How the Malvertising Campaign Works
The modus operandi of this campaign involves luring users to malicious websites. The threat actors create typo-squatted sites that closely mimic legitimate platforms. For instance, users searching for Microsoft Teams might inadvertently land on a fake Microsoft Teams download page. These malicious websites host supposed software installers, enticing users to download and install the application.
Content was cut in order to protect the source.Please visit the source for the rest of the article.This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: