Microsoft Shuts Down Ransomware Gang Using Fake Teams Apps

Microsoft halts a major ransomware threat by revoking 200+ certificates used by cybercriminals to disguise malware as legitimate software.

By Content Team

Oct 18, 2025

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

Microsoft disrupted a major ransomware operation by revoking over 200 digital certificates that cybercriminals were using to make malware look legitimate. The Vanilla Tempest group, also known as Vice Society, created fake Microsoft Teams installers that appeared authentic thanks to stolen certificates from Microsoft's own Azure service and other providers like DigiCert and GlobalSign.

The scammers hosted these fake installers on domains like teams-download[.]buzz and used search engine tricks to lure victims. When users downloaded what they thought was Teams, they actually got the "Oyster" backdoor, which later delivered Rhysida ransomware. Vanilla Tempest has previously targeted schools and hospitals, though their latest victims remain unclear.

Source: Dark Reading

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Cybercriminals Use Invisible Characters to Bypass Email Security Filters

Oct 29, 2025

Jaguar Land Rover Cyberattack Becomes UK's Most Costly Ever at £1.9 Billion

Oct 27, 2025

'ShadowLeak' Attack Let Hackers Steal Emails Through ChatGPT Without Detection

Sep 20, 2025

Russian Cyber-Attacks on NATO States Surge 25% as Hybrid Warfare Escalates

Oct 17, 2025