
Wednesday, January 24, 2024

SolarMarker Malware Uses Novel Techniques To Persist On Hacked Systems

In a sign that threat actors continuously shift tactics and update their defensive measures, the operators of the SolarMarker information stealer and backdoor have been found leveraging stealthy Windows Registry tricks to establish long-term persistence on compromised systems.

Cybersecurity firm Sophos, which spotted the new behavior, said that the remote access implants are still being detected on targeted networks even though the campaign itself declined in November 2021.

Boasting of information harvesting and backdoor capabilities, the .NET-based malware has been linked to at least three different attack waves in 2021. The first set, reported in April, took advantage of search engine poisoning techniques to trick business professionals into visiting sketchy Google sites that installed SolarMarker on the victim's machines.

Then in August, the malware was observed targeting healthcare and education sectors with the goal of gathering credentials and sensitive information. Subsequent infection chains documented by Morphisec in September 2021 highlighted the use of MSI installers to ensure the delivery of the malware.

The SolarMarker modus operandi commences with redirecting victims to decoy sites that drop the MSI installer payloads, which, while executing seemingly legitimate install programs such as Adobe Acrobat Pro DC, Wondershare PDFelement, or Nitro Pro, also launch a PowerShell script to deploy the malware.


"These SEO efforts, which leveraged a combination of Google Groups discussions and deceptive web pages and PDF documents hosted on compromised (usually WordPress) websites, were so effective that the SolarMarker lures were usually at or near the top of search results for phrases the SolarMarker actors targeted," Sophos researchers Gabor Szappanos and Sean Gallagher said in a report shared with The Hacker News.

The PowerShell installer is designed to alter the Windows Registry and drop a .LNK file into Windows' startup directory to establish persistence. This unauthorized change results in the malware getting loaded from an encrypted payload hidden amongst what the researchers called a "smokescreen" of 100 to 300 junk files created specifically for this purpose.

"Normally, one would expect this linked file to be an executable or script file," the researchers detailed. "But for these SolarMarker campaigns the linked file is one of the random junk files, and cannot be executed itself."

What's more, the unique and random file extension of the linked junk file is registered as a custom file type key in the Registry, and that key's handler is what ultimately executes the malware at system startup by running a PowerShell command stored in the Registry.
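As an added defender-side check (not code from Sophos or from the article), the following PowerShell enumerates Startup-folder shortcuts and flags those whose target is a non-executable file with an extension that maps to a custom file type whose open command invokes PowerShell, which is the chain described above. The registry hives searched, the benign-extension allowlist, and the `powershell` match string are assumptions.

```powershell
# Added example: hunt for a SolarMarker-style persistence chain.
# Startup .LNK -> non-executable junk file -> custom file-type key -> PowerShell.
# Hive paths, allowlist and match pattern below are assumptions, not from the report.

$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # per-user Startup folder
    [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
)
$classRoots = @('HKCU:\Software\Classes', 'HKLM:\Software\Classes')
$shell = New-Object -ComObject WScript.Shell

function Get-OpenCommand {
    param([string]$Extension)
    # Resolve extension -> ProgId -> shell\open\command in the user and machine hives.
    foreach ($root in $classRoots) {
        $extKey = Join-Path $root $Extension
        if (-not (Test-Path $extKey)) { continue }
        $progId = (Get-Item $extKey).GetValue('')     # (Default) value names the ProgId
        if (-not $progId) { continue }
        $cmdKey = Join-Path $root "$progId\shell\open\command"
        if (Test-Path $cmdKey) {
            return [pscustomobject]@{ ProgId = $progId; Command = (Get-Item $cmdKey).GetValue('') }
        }
    }
    return $null
}

$findings = foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    foreach ($lnk in Get-ChildItem -Path $dir -Filter '*.lnk' -File) {
        $target = $shell.CreateShortcut($lnk.FullName).TargetPath
        if (-not $target) { continue }
        $ext = [IO.Path]::GetExtension($target)
        if (-not $ext) { continue }
        # Benign startup shortcuts point at executables or scripts; skip those.
        if ($ext -in '.exe', '.bat', '.cmd', '.ps1', '.vbs', '.js', '.msi') { continue }
        $open = Get-OpenCommand -Extension $ext
        if ($open -and $open.Command -match 'powershell') {
            [pscustomobject]@{
                Shortcut = $lnk.FullName; Target = $target; Extension = $ext
                ProgId = $open.ProgId; OpenCommand = $open.Command
            }
        }
    }
}
$findings | Format-List
```

Any hit is worth triaging together with the contents of the target's directory, since the report describes the real payload hiding among 100 to 300 junk files created alongside it.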

The backdoor, for its part, is ever-evolving, featuring an array of functionalities that allow it to steal information from web browsers, facilitate cryptocurrency theft, and execute arbitrary commands and binaries, the results of which are exfiltrated back to a remote server.

"Another important takeaway […], which was also seen in the ProxyLogon vulnerabilities targeting Exchange servers, is that defenders should always check whether attackers have left something behind in the network that they can return to later," Gallagher said. "For ProxyLogon this was web shells, for SolarMarker this is a stealthy and persistent backdoor that according to Sophos telematics is still active months after the campaign ended."
