SolarMarker Malware Uses Novel Techniques To Persist On Hacked Systems

 In a sign that threat actors continuously shift tactics and update their defensive measures, the operators of the SolarMarker information stealer and backdoor have been found leveraging stealthy Windows Registry tricks to establish long-term persistence on compromised systems.

Cybersecurity firm Sophos, which spotted the new behavior, said that the remote access implants are still being detected on targeted networks despite the campaign witnessing a decline in November 2021.

Boasting of information harvesting and backdoor capabilities, the .NET-based malware has been linked to at least three different attack waves in 2021. The first set, reported in April, took advantage of search engine poisoning techniques to trick business professionals into visiting sketchy Google sites that installed SolarMarker on the victim's machines.

Then in August, the malware was observed targeting healthcare and education sectors with the goal of gathering credentials and sensitive information. Subsequent infection chains documented by Morphisec in September 2021 highlighted the use of MSI installers to ensure the delivery of the malware.

The SolarMarker modus operandi commences with redirecting victims to decoy sites that drop the MSI installer payloads, which, while executing seemingly legitimate install programs such as Adobe Acrobat Pro DC, Wondershare PDFelement, or Nitro Pro, also launches a PowerShell script to deploy the malware.

"These SEO efforts, which leveraged a combination of Google Groups discussions and deceptive web pages and PDF documents hosted on compromised (usually WordPress) websites, were so effective that the SolarMarker lures were usually at or near the top of search results for phrases the SolarMarker actors targeted," Sophos researchers Gabor Szappanos and Sean Gallagher said in a report shared with The Hacker News.

The PowerShell installer is designed to alter the Windows Registry and drop a .LNK file into Windows' startup directory to establish persistence. This unauthorized change results in the malware getting loaded from an encrypted payload hidden amongst what the researchers called a "smokescreen" of 100 to 300 junk files created specifically for this purpose.

"Normally, one would expect this linked file to be an executable or script file," the researchers detailed. "But for these SolarMarker campaigns the linked file is one of the random junk files, and cannot be executed itself."

What's more, the unique and random file extension used for the linked junk file is utilized to create a custom file type key, which is ultimately employed to execute the malware during system startup by running a PowerShell command from the Registry.

The backdoor, for its part, is ever-evolving, featuring an array of functionalities that allow it to steal information from web browsers, facilitate cryptocurrency theft, and execute arbitrary commands and binaries, the results of which are exfiltrated back to a remote server.

"Another important takeaway […], which was also seen in the ProxyLogon vulnerabilities targeting Exchange servers, is that defenders should always check whether attackers have left something behind in the network that they can return to later," Gallagher said. "For ProxyLogon this was web shells, for SolarMarker this is a stealthy and persistent backdoor that according to Sophos telematics is still active months after the campaign ended."

Related word

1. Hacking Tools Download
2. Hack And Tools
3. Hacker Tools Github
4. New Hacker Tools
5. Pentest Tools Url Fuzzer
6. Hacking Tools Windows
7. Top Pentest Tools
8. Hacking Tools For Pc
9. Install Pentest Tools Ubuntu
10. Hacker Tools Mac
11. Github Hacking Tools
12. Pentest Tools Subdomain
13. Pentest Tools List
14. Pentest Tools Online
15. Hacker Tools Apk
16. New Hack Tools
17. Hacker Tools For Mac
18. Hacker Hardware Tools
19. Blackhat Hacker Tools
20. Hacking Tools Free Download
21. Hacker Tools Github
22. Pentest Tools Find Subdomains
23. Bluetooth Hacking Tools Kali
24. Hack Tool Apk
25. Hack Tools For Pc
26. Hack Tools For Windows
27. Hack Tools Github
28. Hacker Tools Github
29. Hacking Tools Pc
30. Tools For Hacker
31. Hacker Tools 2020
32. Easy Hack Tools
33. Pentest Tools Kali Linux
34. Hacker Tools For Windows
35. Hackrf Tools
36. Hacking Tools Software
37. Pentest Tools Bluekeep
38. Hacking Tools For Pc
39. Hacker Tools Hardware
40. Hacker Techniques Tools And Incident Handling
41. Pentest Tools Github
42. Hacker Tools For Pc
43. Ethical Hacker Tools
44. Hacker Tools For Mac
45. Hacker Tools 2020
46. Free Pentest Tools For Windows
47. Hacking Tools Free Download
48. Hack Tools 2019
49. Hacking Tools For Mac
50. Hacking Tools Name
51. World No 1 Hacker Software
52. Hacker Techniques Tools And Incident Handling
53. Hack Tools Download
54. Hack Tools For Ubuntu
55. Best Hacking Tools 2020
56. Hack App
57. New Hacker Tools
58. Hacking Tools For Windows
59. Pentest Tools Review
60. Pentest Tools For Android
61. Hack Tool Apk No Root
62. Best Hacking Tools 2019
63. Hacker Tools
64. What Are Hacking Tools
65. Pentest Tools Bluekeep
66. New Hack Tools
67. Easy Hack Tools
68. Pentest Tools For Windows
69. World No 1 Hacker Software
70. Hacking Tools
71. Hacking Tools For Windows Free Download
72. Hak5 Tools
73. Hack Tool Apk
74. Pentest Tools Bluekeep
75. Hack Website Online Tool
76. Pentest Tools For Mac
77. Pentest Tools Url Fuzzer
78. Hacking Tools Kit
79. Hacker Security Tools
80. Wifi Hacker Tools For Windows
81. Hacking Tools For Mac
82. Pentest Tools For Windows
83. Hacker Tools Online
84. What Are Hacking Tools
85. Game Hacking
86. Pentest Tools Free
87. Hacker Tools Free Download
88. Pentest Recon Tools
89. Pentest Tools Android
90. Install Pentest Tools Ubuntu
91. Bluetooth Hacking Tools Kali
92. Free Pentest Tools For Windows
93. Hack Tools
94. Blackhat Hacker Tools
95. Pentest Tools Nmap
96. Pentest Tools Find Subdomains
97. Hack Rom Tools
98. Pentest Tools Download
99. Pentest Tools Alternative
100. Install Pentest Tools Ubuntu
101. Hacking Tools Usb
102. Hacker Tools Mac
103. Pentest Tools Tcp Port Scanner
104. Hacking Tools Free Download
105. Hacker Tools Software
106. Hack Tools 2019
107. Hacker Tools Windows
108. Install Pentest Tools Ubuntu
109. Pentest Tools Open Source
110. Pentest Tools For Android
111. Wifi Hacker Tools For Windows
112. Pentest Tools For Android
113. How To Make Hacking Tools
114. Hacking Tools
115. Tools For Hacker
116. Pentest Tools Apk
117. Hacking Apps
118. Pentest Automation Tools
119. Install Pentest Tools Ubuntu
120. Top Pentest Tools
121. Hacking Tools Online
122. Hacker Tools Apk
123. Hacker Tools 2019
124. Hacking Tools For Windows 7
125. New Hacker Tools
126. Hackrf Tools
127. Hacker