Jan 24, 2024

SolarMarker Malware Uses Novel Techniques To Persist On Hacked Systems

5:37 AM

 In a sign that threat actors continuously shift tactics and update their defensive measures, the operators of the SolarMarker information stealer and backdoor have been found leveraging stealthy Windows Registry tricks to establish long-term persistence on compromised systems.

Cybersecurity firm Sophos, which spotted the new behavior, said that the remote access implants are still being detected on targeted networks despite the campaign witnessing a decline in November 2021.

Boasting of information harvesting and backdoor capabilities, the .NET-based malware has been linked to at least three different attack waves in 2021. The first set, reported in April, took advantage of search engine poisoning techniques to trick business professionals into visiting sketchy Google sites that installed SolarMarker on the victim's machines.

Then in August, the malware was observed targeting healthcare and education sectors with the goal of gathering credentials and sensitive information. Subsequent infection chains documented by Morphisec in September 2021 highlighted the use of MSI installers to ensure the delivery of the malware.

The SolarMarker modus operandi commences with redirecting victims to decoy sites that drop the MSI installer payloads, which, while executing seemingly legitimate install programs such as Adobe Acrobat Pro DC, Wondershare PDFelement, or Nitro Pro, also launches a PowerShell script to deploy the malware.


"These SEO efforts, which leveraged a combination of Google Groups discussions and deceptive web pages and PDF documents hosted on compromised (usually WordPress) websites, were so effective that the SolarMarker lures were usually at or near the top of search results for phrases the SolarMarker actors targeted," Sophos researchers Gabor Szappanos and Sean Gallagher said in a report shared with The Hacker News.

The PowerShell installer is designed to alter the Windows Registry and drop a .LNK file into Windows' startup directory to establish persistence. This unauthorized change results in the malware getting loaded from an encrypted payload hidden amongst what the researchers called a "smokescreen" of 100 to 300 junk files created specifically for this purpose.

"Normally, one would expect this linked file to be an executable or script file," the researchers detailed. "But for these SolarMarker campaigns the linked file is one of the random junk files, and cannot be executed itself."

What's more, the unique and random file extension used for the linked junk file is utilized to create a custom file type key, which is ultimately employed to execute the malware during system startup by running a PowerShell command from the Registry.

The backdoor, for its part, is ever-evolving, featuring an array of functionalities that allow it to steal information from web browsers, facilitate cryptocurrency theft, and execute arbitrary commands and binaries, the results of which are exfiltrated back to a remote server.

"Another important takeaway […], which was also seen in the ProxyLogon vulnerabilities targeting Exchange servers, is that defenders should always check whether attackers have left something behind in the network that they can return to later," Gallagher said. "For ProxyLogon this was web shells, for SolarMarker this is a stealthy and persistent backdoor that according to Sophos telematics is still active months after the campaign ended."

More info
  1. Pentest Tools Tcp Port Scanner
  2. Github Hacking Tools
  3. Pentest Tools Bluekeep
  4. Termux Hacking Tools 2019
  5. Hacker Tool Kit
  6. New Hack Tools
  7. Pentest Tools Find Subdomains
  8. Hack Tools For Windows
  9. Hack Rom Tools
  10. Wifi Hacker Tools For Windows
  11. Best Hacking Tools 2020
  12. Hacker Tools Github
  13. Easy Hack Tools
  14. Hacking Tools And Software
  15. World No 1 Hacker Software
  16. Pentest Tools Open Source
  17. Hacking Tools Free Download
  18. Hacking Tools For Pc
  19. Install Pentest Tools Ubuntu
  20. Pentest Tools Review
  21. Hacker Tools Github
  22. Hacker Tools For Pc
  23. Ethical Hacker Tools
  24. Pentest Tools Nmap
  25. Hak5 Tools
  26. Hack Tools Github
  27. Pentest Tools Find Subdomains
  28. Usb Pentest Tools
  29. Pentest Tools Github
  30. Hack Tool Apk No Root
  31. Hack And Tools
  32. Hacking Tools For Windows Free Download
  33. Pentest Tools Kali Linux
  34. Beginner Hacker Tools
  35. Hacker Tools Online
  36. Hacking Tools For Beginners
  37. How To Make Hacking Tools
  38. Pentest Tools Subdomain
  39. Hacker Tools For Ios
  40. Tools 4 Hack
  41. Hacker Tools Apk Download
  42. Hacker Tools
  43. How To Install Pentest Tools In Ubuntu
  44. Termux Hacking Tools 2019
  45. Tools 4 Hack
  46. How To Make Hacking Tools
  47. Hacker Hardware Tools
  48. Pentest Tools Linux
  49. Hack Tools Pc
  50. What Are Hacking Tools
  51. Hack Apps
  52. Tools 4 Hack
  53. Github Hacking Tools
  54. Hacker Tools For Ios
  55. Tools 4 Hack
  56. Pentest Tools Framework
  57. Hacking Tools And Software
  58. Hacking Tools Name
  59. Pentest Box Tools Download
  60. Hacker Tools Mac
  61. Pentest Tools Kali Linux
  62. Pentest Tools Bluekeep
  63. Hack Tools Pc
  64. Hack Rom Tools
  65. Pentest Automation Tools
  66. Pentest Tools Find Subdomains
  67. Pentest Tools For Ubuntu
  68. Beginner Hacker Tools
  69. Hacks And Tools
  70. Hacker Search Tools
  71. Hack Website Online Tool
  72. Pentest Tools Subdomain
  73. Best Hacking Tools 2019
  74. Nsa Hack Tools
  75. Hacker Search Tools
  76. Hacking Tools Mac
  77. Hacker Tools Apk
  78. Hacker Tools Free
  79. Hacker
  80. Pentest Tools Review
  81. Hacking Tools Pc
  82. Best Hacking Tools 2019
  83. Hack Tools For Games
  84. Hacking Tools For Games
  85. Pentest Tools Subdomain
  86. Hacking Tools For Beginners
  87. Pentest Tools Online
  88. Pentest Tools List
  89. Hacker Tools Mac
  90. How To Install Pentest Tools In Ubuntu
  91. Hacking Tools Usb
  92. Hacker Tools Online
  93. Hack Rom Tools
  94. Hacking Tools Usb
  95. Nsa Hack Tools Download
  96. Nsa Hack Tools Download
  97. Pentest Tools Android
  98. Github Hacking Tools
  99. Hack Tools Online
  100. How To Make Hacking Tools
  101. Hacker Tools For Windows
  102. Hacking Tools Windows
  103. Pentest Tools Url Fuzzer
  104. Hacking Tools For Windows Free Download
  105. Pentest Tools Online
  106. Top Pentest Tools
  107. Hack Tools
  108. Pentest Tools Website Vulnerability
  109. Hacking App
  110. Wifi Hacker Tools For Windows
  111. Beginner Hacker Tools
  112. Hacker Tools List
  113. Android Hack Tools Github
  114. Pentest Tools Tcp Port Scanner
  115. Hacker Tools Linux
  116. Pentest Tools
  117. Hacker Hardware Tools
  118. Hacker Tools Hardware
  119. Tools Used For Hacking
  120. Hacker Tools List
  121. How To Install Pentest Tools In Ubuntu
  122. Kik Hack Tools
  123. Kik Hack Tools
  124. Hak5 Tools
  125. Hacking Tools For Windows
  126. Hak5 Tools
  127. Pentest Tools Linux
  128. Easy Hack Tools
  129. Pentest Tools Find Subdomains
  130. Hackers Toolbox
  131. Hack Tools For Mac
  132. Physical Pentest Tools
  133. Termux Hacking Tools 2019
  134. Kik Hack Tools
  135. Hacker Tools For Ios
  136. Termux Hacking Tools 2019
  137. Hacking Tools Hardware
  138. Hacking Tools Name
  139. Hack Tools Download
  140. Pentest Box Tools Download
  141. Hacking Tools Mac
  142. Hack Tools For Mac
  143. Hacker Tools Apk
  144. Hacking Tools For Windows
  145. Hack Tools
  146. Install Pentest Tools Ubuntu
  147. Pentest Tools Alternative
  148. Wifi Hacker Tools For Windows
  149. How To Install Pentest Tools In Ubuntu
  150. Bluetooth Hacking Tools Kali
  151. Hacking App
  152. Hack App

0 အမွတ္တရေျပာသြားတာ:

Post a Comment

Twitter Delicious Facebook Digg Stumbleupon Favorites More

 
Powered by Blogger