Skip to Content

SolarMarker RAT Spreading Through SEO Poisoning

Updated on 2022-10-03

Digital adversaries behind the SolarMarker malware crippled a global tax consulting firm by camouflaging fake Chrome browser updates as part of watering hole attacks. Read more: SolarMarker Attack Leverages Weak WordPress Sites, Fake Chrome Browser Updates

Overview

SolarMarker is a remote access trojan (RAT) that steals data and access credentials. Microsoft says that attackers trying to spread SolarMarker have been using PDF documents loaded with search engine optimization keywords to try to trick users into visiting malicious websites.

Note:

  • These documents, which masquerade as legitimate documents users may otherwise be looking for, are hard to have users not open. Even so, users can be made aware of the technique and trained to use caution when a document is prompting them to load more documents for the information requested. Endpoint protections, to include filtering of malicious sites, are key to preventing this sort of attack.
  • Understanding the distribution vector for malicious code may be more useful in resisting it than knowing its capabilities.

Read more in:

Tags

Tags

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.