Hackers Distribute Malicious Microsoft Teams Build to Steal Remote Access

Cybersecurity researchers have identified a sophisticated campaign where threat actors are using malicious advertisements and search engine optimization poisoning to distribute fake Microsoft Teams installers containing the Oyster backdoor malware.

The campaign targets users searching for legitimate Microsoft Teams downloads through search engines.

When users search for terms like “teams download,” they encounter fraudulent sponsored advertisements that closely mimic official Microsoft download pages.

These malicious ads redirect victims to spoofed websites hosting trojanized installers disguised as legitimate Teams software.

One identified attack domain, teams-install[.]top, served malicious MSTeamsSetup.exe files to unsuspecting users.

The fake installers appear authentic and even include digital signatures from entities like “4th State Oy” and “NRM NETWORK RISK MANAGEMENT INC” to bypass basic security checks and reduce user suspicion.

Oyster Backdoor Deployment

Upon execution, the malicious installer deploys the Oyster backdoor, also known as Broomstick, a ...