"'Nitrogen' Ransomware Effort Lures IT Pros via Google, Bing Ads"
Hackers are planting "malvertisements" for widely-used Information Technology (IT) tools on search engines in an attempt to lure IT professionals and conduct ransomware attacks in the future. The scheme involves pay-per-click advertisements on Google and Bing, which link to compromised WordPress sites and phishing pages that resemble download pages for software such as AnyDesk, Cisco AnyConnect, TreeSize Free, and WinSCP. Unsuspecting visitors end up downloading the intended software along with a Python package containing initial access malware, which the attackers then use to launch additional payloads. Sophos researchers have dubbed the campaign "Nitrogen." Several technology companies and nonprofits in North America have already been affected. Although none of the known cases have been successful, the researchers found that hundreds of brands have been co-opted for this type of malvertising across multiple campaigns in the past few months. This article continues to discuss findings and observations regarding the malicious Nitrogen campaign.
Dark Reading reports "'Nitrogen' Ransomware Effort Lures IT Pros via Google, Bing Ads"