
Beware - Ransomware Gang Is Tricking Victims with Fake Microsoft Teams Ads
Why It Matters
The attack exploits the trust users place in Microsoft’s brand and Bing’s ad platform, expanding the attack surface for ransomware distribution and threatening enterprises and public institutions. It underscores the need for heightened ad-network security and user vigilance against counterfeit software downloads.
Summary
Security researchers at Expel have uncovered a new ransomware distribution campaign by the Rhysida gang that uses spoofed Microsoft Teams ads on Bing to lure victims to counterfeit download pages. The pages deploy two loader malware families, OysterLoader and Latrodectus, which can deliver infostealers, backdoors, RATs, and ransomware. Rhysida operates a ransomware‑as‑a‑service model, with affiliates deploying the payloads, and has previously hit high‑profile targets such as the British Library and Seattle‑Tacoma International Airport. The campaign began in June 2025 and remains active.