A new malicious ad campaign has been observed that leverages ads in Google Search and Bing to target users looking for IT tools such as AnyDesk, AnyConnect VPN, Cisco and WinSCP and trick them into downloading trojanized installers to breach corporate networks.

Sophos said in an analysis that the "opportunistic" activity, dubbed Nitrogen, is designed to deploy second-stage attack vehicles like the Cobalt Strike.

Nitrogen was first documented by eSentire in June 2023.

Some of the measures we need to take to protect ourselves from such attacks are;

• Do not download from untrusted sites.

• Attention should be paid to the advertisements that appear.

• Advanced Anti-Virus applications should be used.

• Attention should be paid to incoming e-mails.

• Your system should always be updated with the latest version.