Senin, 22 Januari 2024

SolarMarker Malware Uses Novel Techniques To Persist On Hacked Systems

 In a sign that threat actors continuously shift tactics and update their defensive measures, the operators of the SolarMarker information stealer and backdoor have been found leveraging stealthy Windows Registry tricks to establish long-term persistence on compromised systems.

Cybersecurity firm Sophos, which spotted the new behavior, said that the remote access implants are still being detected on targeted networks despite the campaign witnessing a decline in November 2021.

Boasting of information harvesting and backdoor capabilities, the .NET-based malware has been linked to at least three different attack waves in 2021. The first set, reported in April, took advantage of search engine poisoning techniques to trick business professionals into visiting sketchy Google sites that installed SolarMarker on the victim's machines.

Then in August, the malware was observed targeting healthcare and education sectors with the goal of gathering credentials and sensitive information. Subsequent infection chains documented by Morphisec in September 2021 highlighted the use of MSI installers to ensure the delivery of the malware.

The SolarMarker modus operandi commences with redirecting victims to decoy sites that drop the MSI installer payloads, which, while executing seemingly legitimate install programs such as Adobe Acrobat Pro DC, Wondershare PDFelement, or Nitro Pro, also launches a PowerShell script to deploy the malware.


"These SEO efforts, which leveraged a combination of Google Groups discussions and deceptive web pages and PDF documents hosted on compromised (usually WordPress) websites, were so effective that the SolarMarker lures were usually at or near the top of search results for phrases the SolarMarker actors targeted," Sophos researchers Gabor Szappanos and Sean Gallagher said in a report shared with The Hacker News.

The PowerShell installer is designed to alter the Windows Registry and drop a .LNK file into Windows' startup directory to establish persistence. This unauthorized change results in the malware getting loaded from an encrypted payload hidden amongst what the researchers called a "smokescreen" of 100 to 300 junk files created specifically for this purpose.

"Normally, one would expect this linked file to be an executable or script file," the researchers detailed. "But for these SolarMarker campaigns the linked file is one of the random junk files, and cannot be executed itself."

What's more, the unique and random file extension used for the linked junk file is utilized to create a custom file type key, which is ultimately employed to execute the malware during system startup by running a PowerShell command from the Registry.

The backdoor, for its part, is ever-evolving, featuring an array of functionalities that allow it to steal information from web browsers, facilitate cryptocurrency theft, and execute arbitrary commands and binaries, the results of which are exfiltrated back to a remote server.

"Another important takeaway […], which was also seen in the ProxyLogon vulnerabilities targeting Exchange servers, is that defenders should always check whether attackers have left something behind in the network that they can return to later," Gallagher said. "For ProxyLogon this was web shells, for SolarMarker this is a stealthy and persistent backdoor that according to Sophos telematics is still active months after the campaign ended."

More information


  1. Pentest Tools Free
  2. Nsa Hacker Tools
  3. Hack Tools Online
  4. Hacking Tools For Windows Free Download
  5. Hacker Techniques Tools And Incident Handling
  6. Pentest Tools For Mac
  7. Tools Used For Hacking
  8. Usb Pentest Tools
  9. Hacker Tools Software
  10. Hacker Tools For Windows
  11. Hacking Tools Name
  12. Github Hacking Tools
  13. Bluetooth Hacking Tools Kali
  14. Hacking Tools For Games
  15. Pentest Tools Android
  16. Tools For Hacker
  17. Pentest Tools Tcp Port Scanner
  18. Hak5 Tools
  19. Pentest Tools Github
  20. Hacking Tools Hardware
  21. Easy Hack Tools
  22. Hack Tools For Ubuntu
  23. Hack Tools Online
  24. Physical Pentest Tools
  25. Pentest Tools
  26. How To Install Pentest Tools In Ubuntu
  27. Hacking Tools Hardware
  28. Hacker Tools For Ios
  29. Game Hacking
  30. Pentest Tools Website Vulnerability
  31. Pentest Tools Subdomain
  32. Hack Tools For Windows
  33. Growth Hacker Tools
  34. Pentest Tools For Windows
  35. New Hacker Tools
  36. Pentest Reporting Tools
  37. Pentest Tools Linux
  38. Hack Tools For Mac
  39. Tools 4 Hack
  40. Pentest Tools Website
  41. Hacker Tools For Ios
  42. Hacking Tools 2019
  43. Easy Hack Tools
  44. Pentest Tools Kali Linux
  45. Tools For Hacker
  46. Hak5 Tools
  47. Physical Pentest Tools
  48. Pentest Tools Github
  49. Pentest Tools List
  50. Hackrf Tools
  51. Physical Pentest Tools
  52. Hacker Tools Online
  53. Hacks And Tools
  54. Pentest Tools Kali Linux
  55. Hacking Tools Kit
  56. Hacker Tools Apk
  57. Hackrf Tools
  58. Hacking Tools Online
  59. Hacker Tools
  60. Wifi Hacker Tools For Windows
  61. Hacking Tools Online
  62. Hacker Tools For Pc
  63. Hacking Tools And Software
  64. Hacking Tools For Games
  65. Kik Hack Tools
  66. Hacking App
  67. Nsa Hack Tools
  68. How To Install Pentest Tools In Ubuntu
  69. Hacker Tool Kit
  70. Nsa Hacker Tools
  71. Hack Tools
  72. Pentest Recon Tools
  73. Hacking Tools Software
  74. Hacker Hardware Tools
  75. Hacker Tools Github
  76. Hacking Tools And Software
  77. Hacker Tools
  78. Hacker Tools Online
  79. Pentest Tools Android
  80. Hacking App
  81. Hacking Tools Usb
  82. Growth Hacker Tools
  83. Bluetooth Hacking Tools Kali
  84. Hacking Tools 2019
  85. Nsa Hack Tools Download
  86. Best Hacking Tools 2019
  87. Github Hacking Tools
  88. How To Install Pentest Tools In Ubuntu
  89. Hack Tools Online
  90. Beginner Hacker Tools
  91. Bluetooth Hacking Tools Kali
  92. Hacker Tools Free
  93. Bluetooth Hacking Tools Kali
  94. Hack Tools Download
  95. Hacking Tools Name
  96. Pentest Tools Free
  97. Hacking Tools For Kali Linux
  98. Hack Tools Online
  99. Pentest Tools Apk
  100. Hacking Tools Download
  101. Hacking Tools For Windows
  102. Pentest Tools Github
  103. Hack And Tools
  104. Pentest Tools Download
  105. Hacker Hardware Tools
  106. Hacker Tools List
  107. Hacker Tools Software
  108. Easy Hack Tools
  109. Hacker Security Tools
  110. Hacking Tools For Windows 7
  111. Hacking Tools Software
  112. Pentest Tools For Android
  113. Hacking Tools Usb
  114. Hacking Tools Kit
  115. Hacker Hardware Tools
  116. Hack Tool Apk No Root
  117. Hack App
  118. How To Install Pentest Tools In Ubuntu
  119. Pentest Tools For Ubuntu
  120. Android Hack Tools Github
  121. Hack Tools For Mac
  122. Ethical Hacker Tools
  123. Wifi Hacker Tools For Windows
  124. Hacker Tools 2019
  125. Nsa Hack Tools Download
  126. Pentest Tools Port Scanner
  127. Pentest Tools For Android
  128. Hacking Tools Kit
  129. Hack Tools For Pc
  130. Ethical Hacker Tools
  131. Pentest Recon Tools
  132. Hack Tools For Ubuntu
  133. Easy Hack Tools
  134. Hack Tools
  135. Pentest Tools Kali Linux
  136. Hacking Tools
  137. Pentest Tools For Ubuntu
  138. Hak5 Tools
  139. Hacker Hardware Tools
  140. Hacker Tools Mac
  141. Hacker Tools For Mac
  142. Hacking Tools Windows
  143. Hackrf Tools
  144. Pentest Tools Download
  145. Hack Tools For Pc
  146. Hacking Tools Software
  147. How To Make Hacking Tools
  148. Hack Tools Github
  149. Hacker Tools List
  150. Hacker Tools Software
  151. Hackers Toolbox
  152. Hacker Tools
  153. Tools 4 Hack
  154. Pentest Tools Github
  155. Pentest Tools Kali Linux
Posted By: caritanews On 18.17 In  

0 komentar:

Posting Komentar

Langganan: Posting Komentar (Atom)