
This gang has been evolving its methods to attack your system


Last Updated on 03/02/2022 by Nidhi Khandelwal

The operators of the SolarMarker information stealer and backdoor have been observed using subtle techniques to establish long-term persistence on compromised computers, a sign that the threat actors keep changing tactics and refining their defensive measures.


Despite the campaign's decline in November 2021, the remote access implants are still being identified on targeted networks, according to cybersecurity firm Sophos, which spotted the new behavior.

The .NET-based malware, which has information-harvesting and backdoor capabilities, has been linked to at least three different attack waves in 2021. The first, disclosed in April, used search engine poisoning to lure business professionals to dubious Google-indexed sites that installed SolarMarker on their computers.

In August, the malware was found targeting the healthcare and education sectors with the aim of stealing credentials and sensitive information. Subsequent infection chains documented by Morphisec in September 2021 noted the use of MSI installers to ensure delivery of the malware.


SolarMarker starts by leading users to decoy sites that drop MSI installer payloads. While these install seemingly legitimate applications such as Adobe Acrobat Pro DC, Wondershare PDFelement, or Nitro Pro, they also run a PowerShell script that delivers the malware.

To ensure persistence, the PowerShell installer modifies the Windows Registry and drops a .LNK file into the Windows Startup folder. According to the researchers, this change causes the malware to be loaded from an encrypted payload concealed behind a "smokescreen" of 100 to 300 junk files created specifically for that purpose.
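The two persistence locations described above, the Startup folder and the Registry, are places a defender can check directly. The following triage script is an added example, not code from the article or from Sophos: it lists every .LNK file in the per-user and all-users Startup folders, resolves what each shortcut launches, and enumerates autorun registry values. The article does not say which registry key SolarMarker modifies, so the Run and RunOnce keys below are an assumption (they are the most common autostart keys); the "suspicious" heuristics are likewise the example's own and only flag entries for a closer look.

```powershell
# Added example (not from the article): enumerate Startup-folder shortcuts and
# autorun registry values and flag entries that warrant manual review.
# Run it as the user whose profile you want to inspect.

$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # per-user Startup folder
    [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
)

$shell    = New-Object -ComObject WScript.Shell
$findings = @()

foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    Get-ChildItem -Path $dir -Filter *.lnk -File -ErrorAction SilentlyContinue | ForEach-Object {
        $lnk       = $shell.CreateShortcut($_.FullName)
        $target    = $lnk.TargetPath
        $arguments = $lnk.Arguments
        # A Startup shortcut that launches a script interpreter, points into a
        # user-writable directory, or passes encoded/hidden-window arguments is
        # unusual for the legitimate PDF tools the article names as decoys.
        $suspicious = ($target    -match 'powershell|pwsh|wscript|cscript|mshta|rundll32') -or
                      ($target    -match '\\AppData\\|\\Temp\\|\\ProgramData\\') -or
                      ($arguments -match 'EncodedCommand|-enc|-w hidden|-nop|bypass')
        $findings += [pscustomobject]@{
            Source     = 'StartupLNK'
            Location   = $_.FullName
            Target     = $target
            Arguments  = $arguments
            Modified   = $_.LastWriteTime
            Suspicious = $suspicious
        }
    }
}

# Assumed autorun keys; the article only says the Registry was modified.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip provider metadata (PSPath, PSChildName, ...)
        $value = [string]$p.Value
        $findings += [pscustomobject]@{
            Source     = 'RegistryRun'
            Location   = "$key\$($p.Name)"
            Target     = $value
            Arguments  = ''
            Modified   = $null
            Suspicious = ($value -match 'powershell|pwsh|wscript|cscript|mshta|rundll32|EncodedCommand|-enc|bypass')
        }
    }
}

# Suspicious entries first; review each flagged Target and its file on disk.
$findings | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

Because the article says the real payload is hidden among hundreds of junk files, a flagged shortcut's target directory is worth listing as well; an unusually large directory of similarly named, recently created files next to the target is the pattern the researchers describe.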

Nidhi Khandelwal
Nidhi is a tech news/research contributor at TheDigitalHacker. She publishes about techno geopolitics, privacy, and data breach.