Cybersecurity researchers have discovered a malicious campaign that uses SEO-optimized phoney landing pages to propagate the Oyster malware loader.
Security experts at Arctic Wolf unearthed that threat actors have designed numerous landing sites that mimic two well-known Windows tools for securely connecting to remote servers: PuTTY and WinSCP.
People who search for these tools on Google (primarily IT, cybersecurity, and web development professionals) can be duped into visiting the fraudulent website because these pages seem exactly like their authentic equivalents. Since nothing on the sites would raise their suspicions, users might download the tool, which would perform as intended but would also deliver Oyster, a well-known malware loader also known as Broomstick or CleanUpLoader.
“Upon execution, a backdoor known as Oyster/Broomstick is installed,” Arctic Wolf noted. “Persistence is established by creating a scheduled task that runs every three minutes, executing a malicious DLL (twain_96.dll) via rundll32.exe using the DllRegisterServer export, indicating the use of DLL registrati
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: