VERY IMPORTANT

This report details a recent malvertising campaign where threat actors abuse Microsoft Bing ads to impersonate the popular VPN provider NordVPN. Users searching for 'nord vpn' on Bing are shown a fraudulent ad that redirects them to a fake website mimicking NordVPN's official site. The website tricks victims into downloading a malicious installer posing as NordVPN's software, but also covertly installing the SecTopRAT remote access trojan on their systems. The report analyzes the traffic flow, malware payload, and provides indicators of compromise related to this campaign.