Security News > 2023 > July > New Malvertising Campaign Distributing Trojanized IT Tools via Google and Bing Search Ads

A new malvertising campaign has been observed leveraging ads on Google Search and Bing to target users seeking IT tools like AnyDesk, Cisco AnyConnect VPN, and WinSCP, and trick them into downloading trojanized installers with an aim to breach enterprise networks and likely carry out future ransomware attacks.

Dubbed Nitrogen, the "Opportunistic" activity is designed to deploy second-stage attack tools such as Cobalt Strike, Sophos said in a Wednesday analysis.

The Python scripts, once launched, establish a Meterpreter reverse TCP shell, thereby allowing threat actors to remotely execute code on the infected host, as well as download a Cobalt Strike Beacon to facilitate post-exploitation.

"Abuse of pay-per-click advertisements displayed in search engine results has become a popular tactic among threat actors," the researchers said.

"The threat actors are trying to cast a wide net to lure unsuspecting users seeking certain IT utilities."

To make matters worse, Sophos said it found on prominent criminal marketplaces a "Significant number of advertisements for, and discussion about, SEO poisoning, malvertising, and related services" as well as sellers offering compromised Google Ads accounts.

News URL

https://thehackernews.com/2023/07/new-malvertising-campaign-distributing.html