Beware - ransomware gang is tricking victims with fake Microsoft Teams ads

• Rhysida spoofed Microsoft Teams ads on Bing to deliver malware via fake download pages
• Victims received OysterLoader and Latrodectus, which deploy ransomware, backdoors, and infostealers
• Group operates on RaaS model; past targets include airports, libraries, and U.S. school districts

Security researchers have once again found poisoned ads on popular ad networks, spoofing major brands to deliver all sorts of nasties.

Experts at Expel spotted a new malware distribution campaign conducted by the Rhysida ransomware group which apparently began in June 2025, and is still ongoing at press time.

For the campaign, Rhysida’s operatives created landing pages to imitate download sites for Microsoft Teams, one of the world’s most popular online collaboration platforms. Then, they set up new ads on Microsoft’s Bing search engine to promote these pages.