Skip to Content

SolarMarker RAT Spreading Through SEO Poisoning

Updated on 2022-10-03

Digital adversaries behind the SolarMarker malware crippled a global tax consulting firm by camouflaging fake Chrome browser updates as part of watering hole attacks. Read more: SolarMarker Attack Leverages Weak WordPress Sites, Fake Chrome Browser Updates


SolarMarker is a remote access trojan (RAT) that steals data and access credentials. Microsoft says that attackers trying to spread SolarMarker have been using PDF documents loaded with search engine optimization keywords to try to trick users into visiting malicious websites.


  • These documents, which masquerade as legitimate documents users may otherwise be looking for, are hard to have users not open. Even so, users can be made aware of the technique and trained to use caution when a document is prompting them to load more documents for the information requested. Endpoint protections, to include filtering of malicious sites, are key to preventing this sort of attack.
  • Understanding the distribution vector for malicious code may be more useful in resisting it than knowing its capabilities.

Read more in:

    Ads Blocker Image Powered by Code Help Pro

    It looks like you are using an adblocker.

    Ads keep our content free. Please consider supporting us by allowing ads on