Wednesday, January 17, 2024

SolarMarker Malware Uses Novel Techniques To Persist On Hacked Systems

In a sign that threat actors continuously shift tactics and update their defensive measures, the operators of the SolarMarker information stealer and backdoor have been found leveraging stealthy Windows Registry tricks to establish long-term persistence on compromised systems.

Cybersecurity firm Sophos, which spotted the new behavior, said that the remote access implants are still being detected on targeted networks despite the campaign witnessing a decline in November 2021.

Boasting of information harvesting and backdoor capabilities, the .NET-based malware has been linked to at least three different attack waves in 2021. The first set, reported in April, took advantage of search engine poisoning techniques to trick business professionals into visiting sketchy Google sites that installed SolarMarker on the victim's machines.

Then in August, the malware was observed targeting healthcare and education sectors with the goal of gathering credentials and sensitive information. Subsequent infection chains documented by Morphisec in September 2021 highlighted the use of MSI installers to ensure the delivery of the malware.

The SolarMarker modus operandi commences with redirecting victims to decoy sites that drop the MSI installer payloads, which, while executing seemingly legitimate install programs such as Adobe Acrobat Pro DC, Wondershare PDFelement, or Nitro Pro, also launch a PowerShell script to deploy the malware.

"These SEO efforts, which leveraged a combination of Google Groups discussions and deceptive web pages and PDF documents hosted on compromised (usually WordPress) websites, were so effective that the SolarMarker lures were usually at or near the top of search results for phrases the SolarMarker actors targeted," Sophos researchers Gabor Szappanos and Sean Gallagher said in a report shared with The Hacker News.

The PowerShell installer is designed to alter the Windows Registry and drop a .LNK file into Windows' startup directory to establish persistence. This unauthorized change results in the malware getting loaded from an encrypted payload hidden amongst what the researchers called a "smokescreen" of 100 to 300 junk files created specifically for this purpose.

"Normally, one would expect this linked file to be an executable or script file," the researchers detailed. "But for these SolarMarker campaigns the linked file is one of the random junk files, and cannot be executed itself."

What's more, the unique and random file extension used for the linked junk file is utilized to create a custom file type key, which is ultimately employed to execute the malware during system startup by running a PowerShell command from the Registry.
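The three-step chain described above (a startup-folder .LNK that points at a non-executable junk file, a registry file-type key created for that file's random extension, and a shell\open\command under that key that runs PowerShell) is something a defender can enumerate directly. The script below is an added example written for this page; it is not code from Sophos or from the report. It assumes only the standard per-user and all-users Startup folders and that a per-user handler lives under HKCU:\Software\Classes (the HKLM hive is checked as a fallback); the interpreter name pattern and the list of "expected" shortcut target extensions are the author's choices, not values from the report.

```powershell
# Added example: walk Startup .LNK files, resolve each target, look up a
# custom file-type handler for the target's extension, and flag handlers
# that launch a script interpreter. Read-only; safe to run on a live host.

$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # per-user Startup folder
    [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
)

# Extensions the OS resolves natively; a .LNK pointing at one of these is the
# normal case and is not what the SolarMarker pattern looks like.
$expectedTargetExt = @('.exe', '.bat', '.cmd', '.ps1', '.vbs', '.js', '.msi', '.dll', '')

# Assumption: interpreters an attacker-controlled handler is likely to invoke.
$interpreterPattern = 'powershell|pwsh|cmd\.exe|wscript|cscript|mshta|rundll32'

function Get-FileTypeCommand {
    param([Parameter(Mandatory)][string]$Extension)
    # Resolve .ext -> ProgId -> shell\open\command. HKCU is checked first
    # because a per-user handler needs no admin rights to plant.
    foreach ($hive in 'HKCU:\Software\Classes', 'HKLM:\Software\Classes') {
        $extKey = Join-Path $hive $Extension
        if (-not (Test-Path -Path $extKey)) { continue }
        $progId = (Get-ItemProperty -Path $extKey -ErrorAction SilentlyContinue).'(default)'
        if (-not $progId) { continue }
        $cmdKey = Join-Path $hive "$progId\shell\open\command"
        if (Test-Path -Path $cmdKey) {
            $cmd = (Get-ItemProperty -Path $cmdKey -ErrorAction SilentlyContinue).'(default)'
            return [pscustomobject]@{ Hive = $hive; ProgId = $progId; Command = $cmd }
        }
    }
    return $null
}

function Get-StartupLinkHandlerChain {
    $shell = New-Object -ComObject WScript.Shell
    foreach ($dir in $startupDirs) {
        if (-not (Test-Path -Path $dir)) { continue }
        foreach ($lnk in Get-ChildItem -Path $dir -Filter *.lnk -File -ErrorAction SilentlyContinue) {
            $target = $shell.CreateShortcut($lnk.FullName).TargetPath
            if (-not $target) { continue }
            $ext = [System.IO.Path]::GetExtension($target)
            if ($ext -in $expectedTargetExt) { continue }

            $handler = Get-FileTypeCommand -Extension $ext
            if ($null -eq $handler) { continue }   # no custom handler: nothing to run

            # How many files share the target's directory; the report describes
            # the payload hiding among 100 to 300 junk files.
            $siblings = 0
            $targetDir = Split-Path -Path $target -Parent
            if ($targetDir -and (Test-Path -Path $targetDir)) {
                $siblings = (Get-ChildItem -Path $targetDir -File -ErrorAction SilentlyContinue).Count
            }

            [pscustomobject]@{
                Shortcut     = $lnk.FullName
                Target       = $target
                TargetExists = Test-Path -LiteralPath $target
                Extension    = $ext
                Hive         = $handler.Hive
                ProgId       = $handler.ProgId
                Handler      = $handler.Command
                SiblingFiles = $siblings
                Suspicious   = [bool]($handler.Command -match $interpreterPattern)
            }
        }
    }
}

# Usage: list every odd-extension startup shortcut, then print the ones whose
# handler hands control to an interpreter.
$chains = @(Get-StartupLinkHandlerChain)
$chains | Format-Table Shortcut, Extension, ProgId, SiblingFiles, Suspicious -AutoSize
$chains | Where-Object Suspicious | Format-List Shortcut, Target, Handler
```

The extension-to-ProgId-to-command walk is the same resolution Explorer performs when the Startup folder is processed at logon, so a hit here means the listed command will run as the user on next sign-in. A high `SiblingFiles` count next to a `Suspicious` handler matches the smokescreen behaviour the researchers describe; a low count with a legitimate-looking handler is usually a vendor file association and needs no further action.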

The backdoor, for its part, is ever-evolving, featuring an array of functionalities that allow it to steal information from web browsers, facilitate cryptocurrency theft, and execute arbitrary commands and binaries, the results of which are exfiltrated back to a remote server.

"Another important takeaway […], which was also seen in the ProxyLogon vulnerabilities targeting Exchange servers, is that defenders should always check whether attackers have left something behind in the network that they can return to later," Gallagher said. "For ProxyLogon this was web shells, for SolarMarker this is a stealthy and persistent backdoor that according to Sophos telematics is still active months after the campaign ended."
