Fake Teams Installer Evades Detection, Targets Enterprise Users - 1

Image by Mika Baumeister, from Unsplash

Fake Teams Installer Evades Detection, Targets Enterprise Users

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

A new cyber campaign is using fake Microsoft Teams installers to infect users with the Oyster backdoor, also known as Broomstick.

In a rush? Here are the quick facts:

  • Fake Microsoft Teams installers are spreading via SEO poisoning and malvertising.
  • Execution installs the Oyster backdoor, also known as Broomstick, on the system.
  • Oyster enables remote access, system profiling, and delivery of additional payloads.

Security researchers at Blackpoint SOC are warning that attackers are redirecting Teams search results to fake websites that mimic the original Teams interface. They do this through a combination of SEO poisoning, and malvertising attacks.

The ad link directed users to a deceptive installer called ‘MSTeamsSetup.exe’ which presents itself as authentic yet performs harmful operations.

The trojanized installer performs its operations by installing a DLL called ‘ CaptureService.dll ’ in a random folder under ‘%APPDATA%\Roaming’ and creates a scheduled task to ensure persistence.

Oyster functions as a standard Windows process to execute additional payloads through its operation. These include remote access creation and system information collection.

The campaign mirrors earlier fake PuTTY operations, showing a recurring trend of attackers abusing trusted software brands for initial access. Blackpoint SOC noted, “By attaching a digital signature, threat actors aim to bypass basic trust checks and reduce suspicion from both end users and security controls that flag unsigned executables.”

The Oyster system maintains contact with attacker domains ‘nickbush24[.]com’ and ‘techwisenetwork[.]com’ to achieve long-term stealthy access. The use of well-known software brands and manipulated search results increases the likelihood of successful compromise while evading casual detection.

Organizations are urged to download collaboration tools only from verified Microsoft domains and avoid relying on search engine results.

“Personnel should use bookmarks and verified vendor domains when downloading software and remain vigilant to the fact that even common productivity tools can be abused as vehicles for malware delivery,” Blackpoint SOC advised.

This campaign highlights the ongoing risk of SEO-based attacks combined with commodity malware, demonstrating that even familiar enterprise software can be weaponized against unsuspecting users.

AI Startup Paid Raises $21 Million Seed Round - 2

Photo by Headway on Unsplash

AI Startup Paid Raises $21 Million Seed Round

  • Written by Andrea Miliani Former Tech News Expert
  • Fact-Checked by Sarah Frazier Former Content Manager

The startup Paid, founded by tech entrepreneur Manny Medina, has raised $21.6 million in a seed round led by Lightspeed. The company is now reported to be valued at more than $100 million.

In a rush? Here are the quick facts:

  • Paid raised $21.6 million in a recent seed round led by Lightspeed.
  • The startup, launched in March, is now valued at around $100 million.
  • The platform has been designed to support agentic startups with pricing.

According to Tech Crunch , the London-based company previously raised €10 million—about $11 million—in a pre-seed round in March. Medina—also the founder of Outreach—came up with the idea for the “results-based billing” service after testing agentic platforms last year.

Paid provides billing infrastructure that introduces a new way of charging for software. The service helps AI agent creators “start charging for points of margin saved by their customers,” Medina explained to TechCrunch.

Medina noted that today’s market is not designed for AI agents and that Paid enables agentic startups to set appropriate pricing while avoiding traditional software models. Since AI agents can perform multiple tasks, Medina argued, both clients and providers should focus less on individual actions and more on measurable outcomes.

“If you’re a quiet agent, you don’t get paid,” said Medina. “You need an infrastructure that allows the agent to charge for the additional work that the agent is doing.”

Paid also tracks outputs and helps companies determine profitable margins. Current clients include startups such as Artisan, HappyRobot, and Logic.app.

“50% of the workforce will be AI agents by 2030,” wrote Medina on the social media platform X on Monday. “While every SaaS company is still stuck charging ‘per seat’ for AI agents that aim to reduce seats. Those two things can’t be true at the same time.”

50% of the workforce will be AI agents by 2030 while every SaaS company is still stuck charging “per seat” for AI agents that aim to reduce seats. Those two things can’t be true at the same time. Today we announce $21M in seed funding to fix this! @lightspeedvp knows this… pic.twitter.com/11Q8P38Znx — Manuel Medina (@medinism) September 29, 2025

The platform itself has been built using the technique known as “ vibe coding ” with AI agents such as Lovable—which recently announced a new record in Annual Recurring Revenue —, Replit, and v0.

“This is what is so much fun about building a company right now. We have two engineers, and we have built the entirety of the building platform in a month. Why? Because we build everything on AI,” said Medina to TechCrunch.

Sources familiar with the matter confirmed that after this latest funding round, Paid’s valuation has surpassed $100 million.