About NELTA

Content Hub

DE

EN

DE

EN

DE

EN

Caution with Google Ads: Malvertising targets your IT tools

Caution with Google Ads: Malvertising targets your IT tools

Cybersecurity

Share Article on:

Cybercriminals use paid search ads to lure users searching for IT tools to harmful websites. A new malvertising campaign targets tools like AnyDesk and Cisco AnyConnect VPN. Prevention is key: We will show you how to protect your company from trojanized installers and ransomware.

Cybercriminals use paid search ads to lure users searching for IT tools to harmful websites. A new malvertising campaign targets tools like AnyDesk and Cisco AnyConnect VPN. Prevention is key: We will show you how to protect your company from trojanized installers and ransomware.

The attack vectors are becoming more subtle. In July, a new malvertising campaign was observed that specifically uses ads in Google and Bing search to target users looking for legitimate IT tools. The focus is on applications such as AnyDesk, Cisco AnyConnect VPN, and WinSCP. The goal is to entice users to download trojanized installers to penetrate corporate networks and prepare for follow-on damage, such as ransomware attacks. This 'opportunistic' activity, referred to as Nitrogen, uses paid advertising to spread malware such as BATLOADER and IcedID. This underscores the need for a holistic prevention strategy that considers not only technical vulnerabilities but also human behavior.

The attack vectors are becoming more subtle. In July, a new malvertising campaign was observed that specifically uses ads in Google and Bing search to target users looking for legitimate IT tools. The focus is on applications such as AnyDesk, Cisco AnyConnect VPN, and WinSCP. The goal is to entice users to download trojanized installers to penetrate corporate networks and prepare for follow-on damage, such as ransomware attacks. This 'opportunistic' activity, referred to as Nitrogen, uses paid advertising to spread malware such as BATLOADER and IcedID. This underscores the need for a holistic prevention strategy that considers not only technical vulnerabilities but also human behavior.

The Anatomy of the Threat

The anatomy of this threat follows a complex infection chain. The Nitrogen campaign, first documented in June 2023, redirects users to compromised WordPress sites, where malicious ISO image files are hosted. This culminates in the deployment of Python scripts and Cobalt Strike beacons on the target system.

A similar attack sequence uncovered by Trend Micro involved a fraudulent WinSCP application serving as a springboard for a BlackCat ransomware attack. This tactic illustrates how quickly cybercriminals adapt their methods.

The solution lies in consistent employee training (Cybersecurity Awareness) and the implementation of systems for proactive detection of malicious activities before they lead to a breach. Only prevention can be the solution here.

The Anatomy of the Threat

The anatomy of this threat follows a complex infection chain. The Nitrogen campaign, first documented in June 2023, redirects users to compromised WordPress sites, where malicious ISO image files are hosted. This culminates in the deployment of Python scripts and Cobalt Strike beacons on the target system.

A similar attack sequence uncovered by Trend Micro involved a fraudulent WinSCP application serving as a springboard for a BlackCat ransomware attack. This tactic illustrates how quickly cybercriminals adapt their methods.

The solution lies in consistent employee training (Cybersecurity Awareness) and the implementation of systems for proactive detection of malicious activities before they lead to a breach. Only prevention can be the solution here.

Solution through Quality Assurance

The protection against malvertising is part of a holistic quality assurance and IT security strategy. Attackers target the human component and the vulnerabilities in the digital supply chain.

As your quality-oriented digitalization partner, we help you minimize these risks. We not only provide analyses and audits of your existing security measures but also training for your teams. Furthermore, we support you in implementing testing procedures that ensure your systems are protected against such attacks and that no unintended entry points for malware are created. We guarantee you the independence and competence to establish your digital infrastructure securely and sustainably.

Contact us for a non-binding conversation about your prevention strategy.

Solution through Quality Assurance

The protection against malvertising is part of a holistic quality assurance and IT security strategy. Attackers target the human component and the vulnerabilities in the digital supply chain.

As your quality-oriented digitalization partner, we help you minimize these risks. We not only provide analyses and audits of your existing security measures but also training for your teams. Furthermore, we support you in implementing testing procedures that ensure your systems are protected against such attacks and that no unintended entry points for malware are created. We guarantee you the independence and competence to establish your digital infrastructure securely and sustainably.

Contact us for a non-binding conversation about your prevention strategy.

Similar CASES

Similar CASES

1

/

4

/

2026

Quality assurance

AI

Test automation

KI im Testing: Ersetzt sie Test Engineers – oder verändert sie ihre Rolle?

Künstliche Intelligenz verändert derzeit viele Bereiche der Softwareentwicklung – und auch das Testing bleibt davon nicht unberührt. Moderne KI-Systeme können bereits heute automatisch Tests generieren, Testdaten erstellen und Testskripte vorschlagen.

Learn more

31

/

3

/

2026

Quality assurance

Health

Energy

Quartalsweise Releases im regulierten Umfeld: Drei Voraussetzungen für schnellere Lieferzyklen

Quartalsweise Releases in einem regulierten Umfeld – für viele Unternehmen klingt das zunächst wie ein Widerspruch. Strenge Compliance-Vorgaben, umfangreiche Dokumentation und komplexe Freigabeprozesse scheinen kurzen Lieferzyklen im Weg zu stehen.

Learn more

25

/

3

/

2026

Quality assurance

Das V-Modell in der Praxis: Pflichtprogramm oder sinnvolles Framework?

In vielen Organisationen – insbesondere in regulierten Branchen – gehört das V-Modell zum festen Bestandteil der Softwareentwicklung. Es sorgt für Struktur, klare Phasen und nachvollziehbare Qualitätssicherung.

Learn more

About NELTA

Career

Content Hub

Contact

Imprint

Data protection

LinkedIn

X

Instagram

Xing

© 2026 Nelta. All rights reserved.

About NELTA

Career

Content Hub

Contact

Imprint

Data protection

LinkedIn

X

Instagram

Xing

© 2026 Nelta. All rights reserved.

About NELTA

Career

Content Hub

Contact

Imprint

Data protection

LinkedIn

X

Instagram

Xing

© 2026 Nelta. All rights reserved.