Subj : Beware - ransomware gang is tricking victims with fake Microsoft
To   : All
From : TechnologyDaily
Date : Mon Nov 03 2025 16:45:08

Beware - ransomware gang is tricking victims with fake Microsoft Teams ads

Date: Mon, 03 Nov 2025 16:35:00 +0000

Description: Don't trust ads just because they're on a reputable network - sometimes they're tainted too.

FULL STORY
======================================================================

Rhysida spoofed Microsoft Teams ads on Bing to deliver malware via fake download pages
Victims received OysterLoader and Latrodectus, which deploy ransomware, backdoors, and infostealers
Group operates on RaaS model; past targets include airports, libraries, and U.S. school districts

Security researchers have once again found poisoned ads on popular ad networks, spoofing major brands to deliver all sorts of nasties.

Experts at Expel spotted a new malware distribution campaign conducted by the Rhysida ransomware group, which apparently began in June 2025 and is still ongoing at press time.

For the campaign, Rhysida's operatives created landing pages to imitate download sites for Microsoft Teams, one of the world's most popular online collaboration platforms. Then, they set up new ads on Microsoft's Bing search engine to promote these pages.

Abusing .LNK files

Victims who search for Microsoft Teams via Bing would likely see an ad at the top of their search engine results page and, given Microsoft's and Bing's good standing, would probably trust it enough to click on the link.

Then, they would be redirected to a page that is seemingly identical to the actual Teams download page, but with a big difference - this one deploys two pieces of malware: OysterLoader and Latrodectus.

Both Latrodectus and OysterLoader are, as the latter's name suggests, loaders, delivering different stage-two malware depending on the attackers' needs at any given time.
That can include infostealers, backdoors, various remote access trojans, and most notably - ransomware.

In fact, the Rhysida group is a famous ransomware operator. It works on a RaaS principle - developing and maintaining the encryptor, while its affiliates breach their targets' networks and deploy the malware - for a share of the profits.

There have been several notable breaches attributed to the Rhysida gang, including the 2023 attack on the British Library (when roughly 600GB of files were taken), the 2024 attack on the Seattle-Tacoma International Airport, as well as multiple attacks on government and education organizations (City of Columbus, multiple US school districts and institutions, and more).

Via The Register

======================================================================
Link to news story:
https://www.techradar.com/pro/security/ransomware-gang-tricks-victims-with-fake-microsoft-teams-ads

--- Mystic BBS v1.12 A49 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)