BlackCat plays with malvertising traps to lure corporate victims

November 16, 2023

Affiliates of the ALPHV/BlackCat ransomware-as-a-service operation are turning to malvertising campaigns to establish an initial foothold in their victims’ systems.

Paid adverts for popular business software such as Slack and Cisco AnyConnect are being used to lure corporate victims into downloading malware that in turn leads to ransomware deployment.

Rather than downloading the legitimate software, victims are instead infected with Nitrogen malware – an initial access payload that can be used to launch second-stage attacks, such as the deployment of ransomware.

