Microsoft disrupts ransomware attacks targeting Teams users www.bleepingcomputer.com/news/micr…

Microsoft disrupted a wave of Rhysida ransomware attacks in early October by revoking over 200 certificates used to sign malicious Teams installers.

These attacks were part of a late September malvertising campaign that used search engine ads and SEO poisoning to push fake Microsoft Teams installers that backdoored Windows devices with Oyster malware (also known as Broomstick and CleanUpLoader).

The ads and the domains led to websites that impersonated the Microsoft Teams download site. Clicking the prominently displayed download link downloads a file named “MSTeamsSetup.exe,” the same filename used by the official Teams installer.

Edward Kiledjian @ekiledjian