
Medium
Campaign, CyberCrime, Malware
Persistence
EDR, Sysmon, Windows
Rhysida’s OysterLoader: Multi-Stage Fake Installer Campaign
The Rhysida ransomware group leverages search engine malvertising and code-signed fake installers to distribute OysterLoader, a multi-stage C++ backdoor. It uses advanced evasion to establish persistence, delivering high-impact payloads like ransomware or infostealers to enterprises.



