Rhysida OysterLoader Malvertising Campaign Leverages 40 Code Signing Certificates

A recently uncovered malvertising campaign involving the Rhysida group delivers the OysterLoader malware. The campaign is notable for its use of over 40 distinct code signing certificates, which help the malware evade detection and appear legitimate. The attackers distribute the malware through malicious advertisements that lure users into installing OysterLoader, which then facilitates further payload delivery and system compromise. This use of code signing certificates highlights how threat actors are evolving their tactics to bypass security measures and maintain persistence. Organizations are urged to enhance their security monitoring for signed binaries and to scrutinize code signing certificates so that such threats are detected early. The campaign underscores the importance of vigilance against malvertising as a malware distribution vector and the need for comprehensive endpoint protection strategies.

This Cyber News was published on www.scworld.com. Publication date: Sun, 02 Nov 2025 23:14:04 +0000


Cyber News related to Rhysida OysterLoader Malvertising Campaign Leverages 40 Code Signing Certificates

Beware of Expired or Compromised Code Signing Certificates - One of the vital security measures taken in this direction is the use of code signing certificates to prove software authenticity, integrity and security. Code signing certificates, used for digitally signing applications and software, are an ...
1 year ago Securityboulevard.com
FBI and CISA warn of opportunistic Rhysida ransomware attacks - The FBI and CISA warned today of Rhysida ransomware gang's opportunistic attacks targeting organizations across multiple industry sectors. Rhysida, a ransomware enterprise that surfaced in May 2023, quickly gained notoriety after breaching the ...
2 years ago Bleepingcomputer.com Rhysida
Microsoft Trust Signing service abused to code-sign malware - Recently, cybersecurity researchers have seen threat actors utilizing the Microsoft Trusted Signing service to sign their malware with short-lived, three-day code-signing certificates. A cybersecurity researcher and developer known as 'Squiblydoo,' ...
8 months ago Bleepingcomputer.com
The Surge of FakeBat Malware in Search-Based Malvertising Campaigns - In recent months, cybersecurity researchers have observed a concerning surge in search-based malvertising campaigns, with documented incidents nearly doubling compared to previous periods. Amidst this uptick in online threats, one particular malware ...
1 year ago Cysecurity.news
Signing Executables With Azure DevOps - This signing tool is compatible with all major executable files and works impeccably with all OV and EV code signing certificates. It's mostly used with Azure DevOps due to the benefit of Azure Key Vault. Here, you will undergo the complete procedure ...
1 year ago Feeds.dzone.com
New Rhysida Ransomware Attacking Government and IT Industries - Hackers use ransomware to encrypt victims' files and demand payment for the decryption key. This malicious tactic allows them to extort money from the following entities by exploiting vulnerabilities in their digital systems:-. In May 2023, this new ...
1 year ago Gbhackers.com Rhysida
FormBook Malware Spreads via Malvertising Using MalVirt Loader to Evade Detection - An ongoing malvertising campaign is being used to distribute virtualized .NET loaders that are designed to deploy the FormBook information-stealing malware. "The loaders, dubbed MalVirt, use obfuscated virtualization for anti-analysis and evasion ...
2 years ago Thehackernews.com
GitHub says hackers cloned code-signing certificates in breached repository - GitHub said unknown intruders gained unauthorized access to some of its code repositories and stole code-signing certificates for two of its desktop applications: Desktop and Atom. Code-signing certificates place a cryptographic stamp on code to ...
2 years ago Packetstormsecurity.com
FakeBat delivered via several active malvertising campaigns - February was a particularly busy month for search-based malvertising with the number of incidents we documented almost doubling. We saw similar payloads being dropped but also a few new ones that were particularly good at evading detection. One ...
1 year ago Malwarebytes.com Cloak
The role of certificate lifecycle automation in enterprise environments - Learn about PKI automation and its role in managing the growing complexity of digital identities and certificates. Digital certificates form a strong foundation for our modern digital landscape and at the root of these certificates: PKI. Public key ...
1 year ago Securityboulevard.com
GitHub code-signing certificates stolen - Another day, another access-token-based database breach. This time, the victim is Microsoft's GitHub business. On December 6, 2022, repositories from our atom, desktop, and other deprecated GitHub-owned organizations were cloned by a compromised ...
2 years ago Nakedsecurity.sophos.com
Rhysida ransomware gang claims British Library cyberattack - The Rhysida ransomware gang has claimed responsibility for a cyberattack on the British Library in October, which has caused a major ongoing IT outage. Rhysida is auctioning off the data it reportedly stole from the United Kingdom's national library ...
2 years ago Bleepingcomputer.com Rhysida Medusa
Adding OpenSSL Generated Certificates to Your Server: A Comprehensive Guide - Utilizing SSL/TLS certificates to encrypt data transferred between your server and clients is one of the fundamental components of server security. The process of adding OpenSSL-generated certificates to your server will be covered in detail in this ...
1 year ago Feeds.dzone.com
Microsoft says malvertising campaign impacted 1 million PCs - The malvertising videos redirected users to the GitHub repos that infected them with malware designed to perform system discovery, collect detailed system info (e.g., memory size, graphic details, screen resolution, operating system (OS), and user ...
8 months ago Bleepingcomputer.com
Meet Rhysida, a New Ransomware Strain That Deletes Itself - Operating since last May, an emerging ransomware strain called Rhysida was deployed along with new stealer malware called Lumar for a potent new one-two punch against Brazil's popular PIX payment system users. Researchers from Kaspersky reported ...
2 years ago Darkreading.com Rhysida
New Malvertising Campaign Uses Fake Windows News Portal to Distribute Malicious Installers - A new malvertising campaign has been found to employ fake sites that masquerade as legitimate Windows news portal to propagate a malicious installer for a popular system profiling tool called CPU-Z. "This incident is a part of a larger malvertising ...
2 years ago Thehackernews.com Cloak
Hackers Stole GitHub Desktop and Atom Code-Signing Certificates - Monday, GitHub announced that unidentified threat actors were able to exfiltrate encrypted code signing certificates for certain versions of the GitHub Desktop for Mac and Atom applications. The company is taking the precautionary action of canceling ...
2 years ago Heimdalsecurity.com
GitHub Security Breach: Hackers Stole Code-Signing Certificates for GitHub Desktop and Atom - GitHub revealed on Monday that unknown hackers managed to steal encrypted code signing certificates related to some versions of GitHub Desktop for Mac and Atom apps. As a precaution, the company is revoking the exposed certificates. Versions 1.63.0 ...
2 years ago Thehackernews.com
Slovenia's largest power provider HSE hit by ransomware attack - Slovenian power company Holding Slovenske Elektrarne has suffered a ransomware attack that compromised its systems and encrypted files, yet the company says the incident did not disrupt electric power production. HSE is Slovenia's largest power ...
2 years ago Bleepingcomputer.com Rhysida
Insomniac hack files leak news on Wolverine, Spider-Man 3, and more - Oli Welsh is senior editor, U.K., providing news, analysis, and criticism of film, TV, and games. He has been covering the business & culture of video games for two decades. The ransomware group that hacked Spider-Man 2 developer Insomniac Games on ...
1 year ago Polygon.com Rhysida
New Malvertising Campaign Targets Popular Websites with Sophisticated Techniques - A new malvertising campaign has been uncovered targeting popular websites with advanced techniques to distribute malware and steal user data. This campaign uses deceptive ads that redirect users to malicious sites, exploiting browser vulnerabilities ...
2 months ago Cybersecuritynews.com
Malvertisers zoom in on cryptocurrencies and initial access - While Zoom is used by millions of people around the world, these campaigns are likely targeting victims who are into cryptocurrencies as well as corporate users, in order to gain access to company networks. The threat actors are using a number of ...
1 year ago Malwarebytes.com Cloak
CVE-2008-7092 - Multiple cross-site scripting (XSS) vulnerabilities in Unica Affinium Campaign 7.2.1.0.55 allow remote attackers to inject arbitrary web script or HTML via a Javascript event in the (1) url, (2) PageName, and (3) title parameters in a ...
8 years ago
Strengthening Cybersecurity: The Role of Digital Certificates and PKI in Authentication - Data protection remains integral in our wide digital world. This has been possible because of the increasing awareness amidst enterprises, small and large, across industries on the paramount need for the protection of sensitive data, securing digital ...
1 year ago Feeds.dzone.com