~Sekoia~
A multi-stage loader using custom encryption and steganography to deliver payloads like Rhysida ransomware.
-
IOCs: 85[.]239[.]53[.]66, 51[.]222[.]96[.]108, 135[.]125[.]241[.]45
-
#OysterLoader #Rhysida #ThreatIntel
#OysterLoader (aka #Broomstick or #Cleanup) is not just another downloader. Often serving as a precursor to #Rhysida #ransomware campaigns or distributing commodity malware such as #Vidar, this threat has evolved significantly as we enter 2026.
blog.sekoia.io/oysterloader...
#Reverse
⚠️ Fake ads. Real danger.
Hackers are pushing OysterLoader malware through fake PuTTY & Teams ads on Bing.
Protect your business before it’s too late.
🌐 technijian.com
#CyberSecurity #Malvertising #OysterLoader #Ransomware #ITSecurity #PuTTY #BingAds #CyberAttack #AIThreatDetection #OrangeCountyIT
Rhysida runs Bing malvertising to push fake installers (Teams, PuTTY) delivering OysterLoader; samples are packed and code-signed for low VT detections and persistent backdoor delivery. #Rhysida #malvertising #OysterLoader https://bit.ly/3WA83X9
This 2025 campaign shows major escalation — 40+ code-signing certs used, 200+ revoked by Microsoft. The gang also pushes Latrodectus malware via similar tactics. Rhysida’s malvertising ops are growing bolder & more dangerous.
#APT #Rhysida #OysterLoader #CyberThreat