Bing ad posing as NordVPN aims to spread SecTopRAT malware

Malwarebytes Labs discovered a malvertising campaign on Bing that tricks users into installing a remote access trojan SecTopRAT disguised as a NordVPN download link. The threat actors had updated the campaign’s infrastructure, redirecting victims to a different domain, indicating that the malicious campaign may still be active with a different advertiser identity. The malware, first discovered in 2019, creates an invisible second desktop that enables attackers to control browser sessions on the victim’s system.