Malicious PuTTY Ads Deliver OysterLoader, Allowing Attackers Full Device and Network Access

The Rhysida ransomware gang has been running a sophisticated malvertising campaign that delivers OysterLoader malware through deceptive search engine advertisements, giving attackers complete access to compromised devices and networks.

The Rhysida gang, formerly known as Vice Society before rebranding in 2023, has perfected a dangerous infection chain using paid Bing search advertisements.

The gang purchases ads targeting popular software downloads, including PuTTY, Microsoft Teams, and Zoom, then directs users to convincing counterfeit landing pages designed to trick victims into downloading malware instead of legitimate software.

The tactic is particularly effective because these ads appear prominently in search results, and in Windows 11, they can even surface directly in the system’s start menu.

OysterLoader serves as an initial access tool, meaning its primary purpose is to establish ...