Nitrogen Ransomware Effort Lures IT Pros via Google, Bing Ads

upnorth

upnorth

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,459
Content source
https://www.darkreading.com/vulnerabilities-threats/-nitrogen-ransomware-effort-lures-it-pros-via-google-bing-ads
Hackers are planting fake advertisements - "malvertisements" - for popular IT tools on search engines, hoping to ensnare IT professionals and perform future ransomware attacks.

The scheme surrounds pay-per-click ads on sites like Google and Bing, which link to compromised Wordpress sites and phishing pages mimicking download pages for software such as AnyDesk, Cisco AnyConnect, TreeSize Free, and WinSCP. Unsuspecting visitors end up downloading the actual software they intended, alongside a trojanized Python package containing initial access malware, which the attackers then use to drop further payloads. Researchers from Sophos are calling the campaign "Nitrogen." It has already touched several technology companies and nonprofits in North America. Though none of the known cases have yet been successful, the researchers noted that "hundreds of brands co-opted for malvertising of this sort across multiple campaigns in recent months."

"The key thing here is that they're targeting IT people," says Christopher Budd, director of Sophos X-Ops. Skipping right to the people closest to an organization's most sensitive systems, he says, "is actually a fairly efficient and effective way of targeting."
Click to expand...
It might seem risky to target IT professionals - folks with, presumably, the technical savvy to snuff out phishing attacks. Budd acknowledges that "the hit rate may be on the low side, because it is a more sophisticated audience. But the return, because of the sensitivity of that audience" - namely, their proximity to the most sensitive systems in a corporate network - "may be higher on those fewer hits, thus making it worthwhile."

What might the hackers do with such sensitive access? Budd stopped short of ascribing specific intentions, but he noted a report published last month by Trend Micro, which appears to map to the Nitrogen campaign. In that case, the attackers used their malvertising-enabled access to drop BlackCat ransomware onto their target's network.
Click to expand...
www.darkreading.com

'Nitrogen' Ransomware Effort Lures IT Pros via Google, Bing Ads

Forget temps and new employees. A new malicious campaign compromises organizations through a high risk, high reward vector: IT professionals.
www.darkreading.com www.darkreading.com
 
  • +Reputation
  • Like
  • Thanks
Reactions: R3j3ct, Sandbox Breaker, silversurfer and 7 others
You must log in or register to reply here.

Similar threads

nicolaasjan
    • Like
Malicious Notepad++ Google ads evade detection for months
Replies
0
Views
848
News Archive
nicolaasjan
nicolaasjan
Ink
    • Wow
    • Like
    • HaHa
Microsoft Bing AI now serves Malware Ads
Replies
3
Views
1,474
News Archive
Gandalf_The_Grey
Gandalf_The_Grey
silversurfer
    • Like
    • +Reputation
Malware News Microsoft Warns of Malvertising Scheme Spreading CACTUS Ransomware
Replies
0
Views
1,077
Security News
silversurfer
silversurfer

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top