September 25, 2023

Microsoft security experts are sounding the alarm on a new malware threat that uses an old but devious method to implant its code onto victims’ computers.

The malware operators behind SolarMarker are finding new success with an old trick called “SEO poisoning.” The attack works by using PDF documents designed to rank in search results: the attackers “stuff” thousands of PDF documents with SEO keywords and links, and those links start a cascade of redirections that eventually leads the unsuspecting user to malware.
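One defensive way to look for the redirect cascade described above is to reconstruct redirect chains from web proxy logs and flag the long ones that end in an executable download. The script below is an added example, not code from the original post or from Microsoft's tooling; the simplified log format, the constructed sample lines, the `.invalid` host names and the hop threshold are all assumptions.

```python
"""Reconstruct HTTP redirect chains from proxy logs and flag chains that look
like an SEO-poisoning cascade: several hops, ending in an executable download,
started from a PDF (or bouncing across several hosts).
Added example; the log format below is an assumed, simplified proxy format."""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample log (not real traffic). Fields:
# timestamp client method url status location referer  ("-" = absent)
SAMPLE_LOG = """\
2023-09-25T10:00:01Z 10.0.0.5 GET https://sites.google.com/view/example-forms/invoice-template.pdf 200 - -
2023-09-25T10:00:03Z 10.0.0.5 GET https://redirector.invalid/go?id=1 302 https://second-hop.invalid/landing https://sites.google.com/view/example-forms/invoice-template.pdf
2023-09-25T10:00:04Z 10.0.0.5 GET https://second-hop.invalid/landing 302 https://third-hop.invalid/fetch https://sites.google.com/view/example-forms/invoice-template.pdf
2023-09-25T10:00:05Z 10.0.0.5 GET https://third-hop.invalid/fetch 302 https://final-hop.invalid/Invoice_Template.exe https://sites.google.com/view/example-forms/invoice-template.pdf
2023-09-25T10:00:06Z 10.0.0.5 GET https://final-hop.invalid/Invoice_Template.exe 200 - https://sites.google.com/view/example-forms/invoice-template.pdf
2023-09-25T10:01:00Z 10.0.0.9 GET https://docs.example.com/old-page 301 https://docs.example.com/new-page -
2023-09-25T10:01:01Z 10.0.0.9 GET https://docs.example.com/new-page 200 - -
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3}) (\S+) (\S+)$")

# File extensions treated as "executable download" endpoints (assumed list).
DOWNLOAD_EXTS = (".exe", ".msi", ".zip", ".js", ".vbs", ".scr")


def parse_log(text):
    """Parse the simplified log format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than crash
        ts, client, method, url, status, location, referer = m.groups()
        events.append({
            "ts": ts, "client": client, "method": method, "url": url,
            "status": int(status),
            "location": None if location == "-" else location,
            "referer": None if referer == "-" else referer,
        })
    return events


def build_redirect_chains(events):
    """Per client, join consecutive requests where a 3xx Location header
    equals the URL of the next request. Returns chains with >= 1 redirect."""
    by_client = defaultdict(list)
    for e in events:
        by_client[e["client"]].append(e)
    chains = []
    for client, evs in by_client.items():
        evs.sort(key=lambda e: e["ts"])
        i = 0
        while i < len(evs):
            chain = [evs[i]]
            j = i
            while (300 <= evs[j]["status"] < 400 and evs[j]["location"]
                   and j + 1 < len(evs)
                   and evs[j + 1]["url"] == evs[j]["location"]):
                chain.append(evs[j + 1])
                j += 1
            if len(chain) > 1:
                chains.append({"client": client,
                               "hops": [e["url"] for e in chain],
                               "referer": chain[0]["referer"]})
            i = j + 1
    return chains


def flag_chains(chains, min_redirects=3):
    """Flag chains with at least `min_redirects` hops that end in a download
    and either were referred from a PDF or span three or more hosts."""
    flagged = []
    for c in chains:
        n_redirects = len(c["hops"]) - 1
        ref_path = urlparse(c["referer"]).path.lower() if c["referer"] else ""
        starts_at_pdf = ref_path.endswith(".pdf")
        ends_in_download = urlparse(c["hops"][-1]).path.lower().endswith(DOWNLOAD_EXTS)
        hosts = {urlparse(u).netloc for u in c["hops"]}
        if n_redirects >= min_redirects and ends_in_download and (starts_at_pdf or len(hosts) >= 3):
            reasons = [f"{n_redirects} redirects", "ends in download"]
            reasons.append("referred from PDF" if starts_at_pdf else f"{len(hosts)} hosts")
            flagged.append({**c, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for hit in flag_chains(build_redirect_chains(parse_log(SAMPLE_LOG))):
        print(hit["client"], " -> ".join(hit["hops"]), "|", ", ".join(hit["reasons"]))
```

The benign 301 from `docs.example.com` is deliberately included so the threshold logic has something to ignore; in practice the redirect count and the download-extension list are the two knobs to tune against your own proxy data.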

Attackers have in the past used Google sites to host these infected documents, while in recent campaigns Microsoft researchers have noticed the attackers shift to Amazon Web Services and Strikingly.

Business professionals are “being lured to hacker-controlled websites, hosted on Google Sites, and inadvertently installing a known, emerging Remote Access Trojan. The attack starts with the potential victim performing a search for business forms such as invoices, questionnaires, and receipts.” The campaign lays out its traps using Google search redirection, and once the RAT has been activated on a victim’s computer, the threat actors can send commands and upload additional malware to the infected system.

Microsoft notes that SolarMarker is a backdoor malware that steals data and credentials from browsers. This is yet another devious threat to be aware of, and another reminder to make sure you are running the latest version of your operating system software, with its most up-to-date security measures, given that Microsoft has said this so-called “SEO poisoning” technique seems to be pretty effective.

Microsoft Defender Antivirus continues to detect and block “thousands of these PDF documents in numerous environments,” according to the company.
