Operators of the malware known as SolarMarker are using an old technique called SEO poisoning to trick users into following links in PDF documents stuffed with SEO keywords, which redirect them to malware.
What is SEO poisoning?
It is also known as search poisoning. Using this strategy, attackers create malicious websites and use several techniques to make them appear at the top of search results. Tactics include keyword stuffing to manipulate search rankings and redirect victims to malware links, phishing websites and other malicious applications.
What typically happens when you fall for it
The PDF documents are designed to rank high in search engines so that they appear near the top of victims' search results. The documents are stuffed with many keywords on a wide range of topics, from “insurance form” and “acceptance of contract” to “how to join in SQL” and “math answers” among others, as tweeted by Microsoft Security Intelligence.
When these PDF files are opened, they prompt users to download a .doc file or .pdf version of their desired info. By clicking on these links, users are redirected through 5 to 7 websites before reaching an attacker-controlled website that imitates Google Drive, where they are asked to download the file.
Typically this file is the SolarMarker/Jupyter malware!
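For defenders, the long redirect chain described above is something that can be looked for in web proxy logs. The following is an added example, not code from the original article or from Microsoft: it rebuilds per-client redirect chains and flags those that pass through at least 5 intermediate hosts before landing. The log format, host names and the assumption that every hop is an HTTP 3xx redirect are constructed for illustration.

```python
from urllib.parse import urlsplit

MIN_HOSTS = 5  # the article reports 5 to 7 intermediate websites

# Constructed proxy log (assumed format): client, status, URL, Location or "-"
SAMPLE_LOG = """\
10.0.0.7 302 http://hop1.example/go?id=1 http://hop2.example/r
10.0.0.7 302 http://hop2.example/r http://hop3.example/r
10.0.0.9 301 http://news.example/ https://news.example/
10.0.0.7 302 http://hop3.example/r http://hop4.example/r
10.0.0.7 302 http://hop4.example/r http://hop5.example/r
10.0.0.9 200 https://news.example/ -
10.0.0.7 302 http://hop5.example/r http://drive-lookalike.example/file
10.0.0.7 200 http://drive-lookalike.example/file -
"""

def parse(log):
    """Yield (client, status, url, location) for each log line."""
    for line in log.splitlines():
        client, status, url, location = line.split()
        yield client, int(status), url, None if location == "-" else location

def redirect_chains(log):
    """Group each client's requests into chains linked by 3xx Location headers."""
    open_chains = {}  # (client, next expected URL) -> URLs visited so far
    finished = []
    for client, status, url, location in parse(log):
        chain = open_chains.pop((client, url), []) + [url]
        if 300 <= status < 400 and location:
            open_chains[(client, location)] = chain  # chain continues
        else:
            finished.append((client, chain))         # chain ends here
    return finished

def suspicious_chains(log, min_hosts=MIN_HOSTS):
    """Return (client, intermediate host count, landing host) for long chains."""
    hits = []
    for client, chain in redirect_chains(log):
        hosts = []
        for url in chain:
            host = urlsplit(url).hostname
            if host not in hosts:
                hosts.append(host)
        intermediates = hosts[:-1]  # everything before the landing host
        if len(intermediates) >= min_hosts:
            hits.append((client, len(intermediates), hosts[-1]))
    return hits
```

A hit is a lead for review, not a verdict: the analyst still has to check whether the landing host is a genuine file-sharing service or a look-alike.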
What is SolarMarker?
SolarMarker is a backdoor malware that steals data and credentials from browsers. It exfiltrates stolen data to a C2 server and persists by creating shortcuts in the Startup folder as well as modifying shortcuts on the desktop.
Think twice (maybe more) before you click on links or download and open files from websites or email attachments.
Dimitris is an Information Technology and Cybersecurity professional with more than 20 years of experience in designing, building and maintaining efficient and secure IT infrastructures.
Among others, he is certified in CISSP, CISA, CISM, ITIL, COBIT and PRINCE2, but his wide range of knowledge and technical management capabilities goes beyond these certifications. He likes acquiring new skills in penetration testing, cloud technologies, virtualization, network security, IoT and many more.