Welcome to this week’s cybersecurity threat report. The first week of July 2025 brings a wave of critical developments: a widespread SEO poisoning campaign deploying backdoors through trojanized admin tools, a remote code execution exploit in Call of Duty: WWII impacting PC gamers, and a major legal ruling against Google for covert Android data collection. Here’s what you need to know.
SEO Poisoning Campaign Infects Thousands with Trojanized Admin Tools
A sophisticated SEO poisoning and malvertising campaign has compromised thousands of IT administrators and developers by promoting trojanized installers of widely used tools such as PuTTY and WinSCP. Security researchers at Arctic Wolf report that more than 8,500 systems have been affected. The threat actors cloned legitimate download pages and used black-hat SEO tactics to push the fake pages up in Google search results; some victims were also reached through malicious ads.
Once a user downloaded and ran a compromised installer, it dropped a backdoor called “Oyster” (also tracked as Broomstick or CleanUpLoader). The malware persists through a scheduled task that fires every three minutes and launches rundll32.exe against a DLL named twain_96.dll, calling its DllRegisterServer export. That gives the attackers ongoing remote access and command execution on the host. For defenders, the combination is a strong hunting signal: a legitimately installed PuTTY or WinSCP has no reason to register a scheduled task that re-runs rundll32.exe with DllRegisterServer every few minutes.
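The persistence mechanism above is straightforward to hunt for. The following Python script is an added example written for this report, not code from Arctic Wolf or from the original post. It parses Task Scheduler XML definitions (the format produced by `schtasks /query /xml` or `Export-ScheduledTask`) and flags any task that repeats on a short interval, runs rundll32.exe with the DllRegisterServer export, or references twain_96.dll. The two task definitions embedded in it are constructed samples, and the five-minute interval threshold is an assumption chosen for the example.

```python
import re
import xml.etree.ElementTree as ET

# Namespace used by Task Scheduler XML (schtasks /query /xml, Export-ScheduledTask).
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Indicators taken from the campaign description: rundll32 calling DllRegisterServer,
# the DLL name twain_96.dll, and a task that re-fires every three minutes.
# The five-minute threshold is an assumption made for this example so that the
# three-minute task is caught without flagging ordinary hourly maintenance jobs.
OYSTER_DLL = "twain_96.dll"
MAX_SUSPICIOUS_INTERVAL_SEC = 5 * 60

# ISO 8601 durations as Task Scheduler writes them, e.g. PT3M, PT1H, P1DT2H30M.
_DURATION = re.compile(r"^P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$")


def iso_duration_seconds(value):
    """Convert a Task Scheduler duration such as 'PT3M' to seconds."""
    m = _DURATION.match(value.strip())
    if not m:
        raise ValueError(f"unsupported duration: {value!r}")
    days, hours, minutes, seconds = (int(g) if g else 0 for g in m.groups())
    return days * 86400 + hours * 3600 + minutes * 60 + seconds


def analyse_task(xml_text):
    """Return the reasons a task definition matches the Oyster pattern (empty list = clean)."""
    root = ET.fromstring(xml_text)
    reasons = []
    # Every <Exec> action: look at the command line rundll32 would be given.
    for action in root.findall(".//t:Actions/t:Exec", NS):
        cmd = action.findtext("t:Command", default="", namespaces=NS).strip()
        args = action.findtext("t:Arguments", default="", namespaces=NS).strip()
        line = f"{cmd} {args}".lower()
        if "rundll32" in line and "dllregisterserver" in line:
            reasons.append(f"rundll32 calls DllRegisterServer: {cmd} {args}")
        if OYSTER_DLL in line:
            reasons.append(f"references known Oyster DLL {OYSTER_DLL}")
    # Every trigger repetition: a very short interval is the beaconing tell.
    for interval in root.findall(".//t:Repetition/t:Interval", NS):
        secs = iso_duration_seconds(interval.text or "")
        if secs <= MAX_SUSPICIOUS_INTERVAL_SEC:
            reasons.append(f"repeats every {secs} seconds")
    return reasons


def scan_tasks(tasks):
    """Map task name -> reasons for every task in `tasks` (name -> XML text) that is flagged."""
    return {name: r for name, xml in tasks.items() if (r := analyse_task(xml))}


# Constructed sample: a task shaped like the persistence described in the report.
SUSPICIOUS_TASK = r"""<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers>
    <TimeTrigger>
      <Repetition><Interval>PT3M</Interval></Repetition>
      <StartBoundary>2025-07-01T09:00:00</StartBoundary>
      <Enabled>true</Enabled>
    </TimeTrigger>
  </Triggers>
  <Actions Context="Author">
    <Exec>
      <Command>rundll32.exe</Command>
      <Arguments>C:\Users\Public\twain_96.dll,DllRegisterServer</Arguments>
    </Exec>
  </Actions>
</Task>"""

# Constructed sample: an ordinary nightly job that must not be flagged.
BENIGN_TASK = r"""<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers>
    <CalendarTrigger>
      <StartBoundary>2025-07-01T02:00:00</StartBoundary>
      <ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay>
    </CalendarTrigger>
  </Triggers>
  <Actions Context="Author">
    <Exec>
      <Command>C:\Scripts\backup.cmd</Command>
    </Exec>
  </Actions>
</Task>"""


if __name__ == "__main__":
    flagged = scan_tasks({"Oyster-like": SUSPICIOUS_TASK, "NightlyBackup": BENIGN_TASK})
    for name, reasons in flagged.items():
        print(f"[!] {name}")
        for r in reasons:
            print(f"    - {r}")
```

On a live host you would feed `scan_tasks` the output of `schtasks /query /xml` for each task instead of the embedded samples. The interval check is deliberately separate from the rundll32 check so that a renamed DLL or a task that only beacons frequently still produces a finding for an analyst to review.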
The campaign’s infrastructure includes deceptive domains such as updaterputty[.]com and putty[.]run. These mimic vendor-style names and are easy to miss, especially for someone searching quickly for a download link. Arctic Wolf’s analysis also linked the malware to broader APT-style behavior, suggesting the operation may be part of an advanced persistent threat campaign targeting supply chains or enterprise IT. The practical defense is to download these tools only from the projects’ official sites, bookmark those pages rather than relying on search results, and verify the installer’s digital signature before running it.
This incident underscores how attackers increasingly exploit trust in open-source and administrative tools via search-based delivery vectors.
Remote Code Execution Exploit in Call of Duty: WWII
Attackers exploited a critical remote code execution (RCE) vulnerability in the PC version of Call of Duty: WWII to hijack players’ systems during online multiplayer sessions. Researchers discovered the exploit shortly after the game joined Xbox Game Pass for PC. It allows threat actors to execute arbitrary commands on other players’ computers, leveraging the game’s peer-to-peer (P2P) architecture.
Affected players have reported unauthorized actions such as Notepad launching, pornographic content being displayed, and forced shutdowns, all of which show that attackers were running their own code on the victims’ machines. The root cause lies in the game’s outdated networking code, which lacks the protections modern titles get from dedicated servers and sandboxing.
Activision responded by pulling the PC version of the game offline temporarily. While investigations are ongoing, cybersecurity experts speculate that attackers are using specially crafted packets or lobby exploits to execute code. This vulnerability has broader implications for legacy games re-released on modern platforms without adequate patching.
Security researchers urge players to uninstall the game or avoid multiplayer modes until an official patch arrives. This incident highlights the growing trend of RCE exploits targeting gaming platforms with large user bases and unpatched vulnerabilities.
Google Fined $314 Million for Unauthorized Android Data Collection
A California jury ordered Google to pay $314.6 million in a class-action lawsuit over unauthorized data collection from idle Android devices. The court found that Google collected device telemetry and network information—even when phones were inactive and no apps were in use—without proper user consent. The jury’s decision followed revelations that an Android phone could communicate with Google servers nearly 900 times in a 24-hour period.
The lawsuit, brought on behalf of around 14 million Californians, focused on how this silent data collection consumed users’ mobile data allowances without their knowledge. Evidence presented in court showed that 94% of these transmissions were between the device and Google’s infrastructure. The plaintiffs argued that such data usage violated consumer privacy rights under California law because Google failed to adequately disclose the extent and persistence of background data transmissions.
Google has stated its intention to appeal, claiming the data is necessary for essential services and system stability. However, the ruling sets a powerful precedent in consumer data rights and transparency, potentially influencing how other tech firms approach telemetry and consent.
This case illustrates the intensifying scrutiny of Big Tech’s data practices and raises critical questions about transparency, consent, and regulatory enforcement in the mobile OS ecosystem.
Stay Out of Threat Reports: Strengthen Your Organization
This week’s threats—from SEO poisoning to game exploits and data privacy violations—reveal how attackers manipulate trust at every level. Whether it’s admin tools, online platforms, or mobile devices, attackers are targeting what users rely on most.
Staying secure means staying informed. RSI Security is here to help you strengthen your defenses with expert guidance and tailored cybersecurity solutions.
Contact Us Now!