Nitrogen shelling malware from hacked sites

Nitrogen is the name given to a campaign and associated malware that have been distributed via malicious search ads. Its signature move is using Python and DLL side-loading to connect to the attacker’s command and control server.

In this blog post, we look at a recent Nitrogen campaign and specifically at how the initial payload is being served onto victims. The threat actors seem to have a preference for hosting their payloads on compromised WordPress sites, many of which are …

ads attacker blog blog post campaign command command and control connect control distributed dll dll side-loading hacked malicious malware name nitrogen python search server signature