Researchers with Fox-IT observed a malvertising campaign that appeared to be connected to a Google advertisement reseller.

“It appears as if all of, its advertisement & zone ID's are currently redirecting to a domain, which in its turn is redirecting to the Nuclear Exploit Kit, indicating a possible compromise at this reseller of Google advertisement services,” according to a Tuesday post.

The Nuclear Exploit Kit has been observed exploiting vulnerabilities in Adobe Flash, Oracle Java and Microsoft Silverlight, the post states.

Fox-IT later updated the post to indicate that they are no longer observing malicious redirects from the advertisement reseller. In another update, the security group announced that the payload has been identified as Pony Loader, which is malware that steals credentials and installs more malware.