Watch out - these fake ads for Slack and Cisco are just malware

Sead Fadilpašić

Tue, Nov 21, 2023, 12:27 PM2 min read

The Google Ads network has once again been hijacked to try and get victims to download initial access malware called Nitrogen, which can then be used to deploy ALPHV (AKA BlackCat), one of the most popular and destructive ransomware variants around today.

New research from eSentire said it observed a new campaign targeting corporations and public entities in the Americas and Europe.

“In the past three weeks, we have seen these affiliates attempt to breach a law firm, a manufacturer, and a warehouse provider within our customer network, alongside attacking other companies,” the researchers said.

Reader Offer: $50 Amazon gift card with demo
Perimeter 81's Malware Protection intercepts threats at the delivery stage to prevent known malware, polymorphic attacks, zero-day exploits, and more. Let your people use the web freely without risking data and network security.

Preferred partner (What does this mean?)

Ongoing campaign

While the campaign might be fresh, its modus operandi is nothing new. Hackers would first compromise Google accounts that professionals use to set up ad campaigns and promote their businesses. This could be done via malware, social engineering, or simply by purchasing login credentials on the dark web. Then, they would set up a fake landing page, impersonating popular brands and offering software that business users often search for. In this case, that includes Advanced IP Scanner, Slack, WinSCP, and Cisco AnyConnect.

Then, they would run ads on the Google network promoting these landing pages, and while unsuspecting victims might think they’re downloading legitimate software, they’re in fact infecting their endpoints with Nitrogen.

Nitrogen, in turn, helps the attackers deploy BlackCat, which is then used to steal sensitive data and encrypt all of the files stored on the target network. The final step is to demand a ransom in exchange for the decryption key and for not leaking the data public.

Keegan Keplinger, Senior Threat Intelligence Researcher with TRU, said this campaign is a continuation of the campaign observed in June 2023, in which the attackers basically did the same thing. It’s also worth mentioning that BlackCat is a Ransomware-as-a-Service (RaaS) and that any of its numerous affiliates could have set this campaign up.

More from TechRadar Pro

Google and Bing search ads hijacked to spread malware
Here's a list of the best firewalls today
These are the best endpoint security tools right now

Forget Nvidia: Members of Congress Are Scooping Up Shares of Its Core Rival Instead
There's a much more popular AI stock on Capitol Hill than the leading AI chip maker.
Motley Fool•16h ago
Are You Saving Enough To Be In The Top 3% Of Retirees? Here's How Much You Need
Retirement savings play a crucial role in securing financial stability in your golden years. For those aiming high, being in the top 3% of retirees in terms of savings enhances comfort and offers greater financial freedom. Using data from the Federal Reserve's Survey of Consumer Finances, a 2024 survey by the Employee Benefit Research Institute, reveals that individuals with over $1 million in retirement accounts rank in the top 3% of retirees. Only 3.2% of retirees have surpassed the $1 million
Benzinga•1d ago
Generative AI Software Sales Could Soar 6,260%: My Pick for the Best AI Stock to Buy Now (Hint: Not Nvidia)
This little-known software stock could soar as businesses spend more on generative artificial intelligence.
Motley Fool•17h ago
Nvidia Owns a 3.4% Stake in This Innovative Artificial Intelligence (AI) Stock Cathie Wood Loves
The $50 million purchase could turn into Nvidia's biggest investment.
Motley Fool•12h ago
2 Stock-Split Stocks to Buy Hand Over Fist Right Now
These proven wealth builders could be exactly what you're searching for right now.
Motley Fool•1d ago
2 Incredibly Cheap Dividend Stocks to Buy Now
These two dividend payers have historically high yields and attractive businesses, even though there are some headwinds to deal with.
Motley Fool•4h ago
Want $1 Million In Retirement? Invest $250,000 in These 3 Stocks and Wait a Decade.
These three tech stocks look like reliable long-term winners.
Motley Fool•4h ago
This Is the Average Social Security Benefit for Age 67
The number probably isn't anywhere near what you think it is.
Motley Fool•11h ago
3 Dividend Stocks to Buy and Hold for the Next Decade
You'll get dividends and more with these great stocks.
Motley Fool•14h ago
Housing supply surges by up to 50% in these metro areas — and many sellers are being forced to slash their asking prices
The property report includes 85 major metropolitan areas in the U.S. with populations of at least 750,000.
MarketWatch•2d ago

News

Life

Entertainment

Finance

Sports

New on Yahoo

Yahoo Finance

Watch out - these fake ads for Slack and Cisco are just malware

Ongoing campaign

More from TechRadar Pro

Recommended Stories

Forget Nvidia: Members of Congress Are Scooping Up Shares of Its Core Rival Instead

Are You Saving Enough To Be In The Top 3% Of Retirees? Here's How Much You Need

Generative AI Software Sales Could Soar 6,260%: My Pick for the Best AI Stock to Buy Now (Hint: Not Nvidia)

Nvidia Owns a 3.4% Stake in This Innovative Artificial Intelligence (AI) Stock Cathie Wood Loves

2 Stock-Split Stocks to Buy Hand Over Fist Right Now

2 Incredibly Cheap Dividend Stocks to Buy Now

Want $1 Million In Retirement? Invest $250,000 in These 3 Stocks and Wait a Decade.

This Is the Average Social Security Benefit for Age 67

3 Dividend Stocks to Buy and Hold for the Next Decade

Housing supply surges by up to 50% in these metro areas — and many sellers are being forced to slash their asking prices