Rhysida’s OysterLoader: Multi-Stage Fake Installer Campaign
Medium
Campaign, CyberCrime, Malware
Persistence
EDR, Sysmon, Windows

The Rhysida ransomware group leverages search engine malvertising and code-signed fake installers to distribute OysterLoader, a multi-stage C++ backdoor. It uses advanced evasion to establish persistence, delivering high-impact payloads like ransomware or infostealers to enterprises.
