All news with #oysterloader tag
Tue, November 4, 2025
Rhysida Ransomware Abuses Microsoft Code-Signing Trust
Rhysida, a known enterprise-focused ransomware gang, is distributing malware via malvertising on Microsoft's Bing that redirects users to fake download pages for common tools such as Microsoft Teams, PuTTY, and Zoom. Victims who download from these pages receive an initial access trojan called OysterLoader, which establishes a persistent backdoor and is signed with Microsoft-like certificates to appear legitimate. The campaign pairs obfuscation and packing, which lower static detection, with trusted code signing, which bypasses allow-lists and AV. Experts urge behavior-based EDR, certificate pinning, DNS filtering, and tighter certificate oversight.