Beware of fake Microsoft Teams ads spreading ransomware

Ransomware gang uses fake Microsoft Teams ads to deliver malware 

What Happened: Heads up, everyone. There’s a really nasty new scam making the rounds, and it’s targeting anyone searching for Microsoft Teams.

• A ransomware gang called Rhysida has been buying up ad space on search engines, especially Bing. So, when you search for “Microsoft Teams,” their fake ad might be the first thing you see. It looks totally legit, like it’s pointing right to the real Microsoft download page.
• But it’s a trap. When you click it, it sends you to a bogus website (one that’s probably spelled almost like the real one, a tactic called “typosquatting”).
• You download what you think is the Teams installer, but it’s actually a piece of malware called OysterLoader. Once that’s on your system, it can let the hackers in to eventually lock up all your files with ransomware.

EThamPhoto / Getty Images / EThamPhoto / Getty Images

Why This Is Important: This is a scarily smart campaign. These guys, who have been linked to over 200 data leaks, are part of a “ransomware-as-a-service” network (yep, that’s a real thing).

• To make the scam work, they’re using a bunch of digital certificates – those little things that are supposed to tell Windows, “Hey, this software is legit and safe.”
• Because the malware has a (likely stolen) certificate, your computer trusts it, and your antivirus program might not even flag it. One security firm said that at first, almost no antivirus tools were catching this thing, giving the hackers plenty of time to get in.
• Microsoft is in a high-stakes game of whack-a-mole; they’ve already revoked over 200 of these fake certificates, but the bad guys just keep evolving.

Why Should I Care: This isn’t just a problem for big companies. They are hitting individuals, schools, and small businesses – anyone who might be looking for popular software.

• If you’ve downloaded Microsoft Teams (or any popular app, really) from a search ad recently, you could be at risk.
• Clicking that one wrong link could be all it takes to get your entire computer – all your photos, documents, and personal files – encrypted and held for ransom.

TheDigitalWay/Pixabay / Pixabay

What’s Next: Security experts are all over this, and Microsoft is fighting back, but these groups adapt fast. The best defense for you? It’s pretty simple:

• Never, ever download software from a search ad.
• Seriously, just don’t. Always go directly to the official website yourself (like typing in microsoft.com by hand).
• Using an ad blocker on your browser is also a fantastic idea, as it will probably stop you from even seeing these malicious ads in the first place. Stay safe out there.

Source