SolarMarker Backdoor
7/07/2021

Threat actors behind the SolarMarker/Jupyter malware have started distributing PDF documents stuffed with search engine optimization (SEO) keywords so that the documents rank highly in search results and lead potential victims to a malicious site that poses as Google Drive. SolarMarker is a backdoor that masquerades as a legitimate PDFescape installer and, once installed, steals data and credentials from browsers.

OVERVIEW

▪ Threat actors behind the SolarMarker/Jupyter malware have recently started distributing PDF documents stuffed with search engine optimization (SEO) keywords so that the documents rank highly in search results and lead potential victims to a malicious site that poses as Google Drive.

▪ SolarMarker is a backdoor malware that steals data and credentials from browsers.

▪ SEO poisoning is a technique that artificially raises the search engine ranking of attacker-controlled pages so that visitors who land on them are prompted to download malicious files. Microsoft researchers found that the attackers have recently started hosting these pages on Amazon Web Services (AWS) and Strikingly, in addition to Google Sites.
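A practical triage check for the lure stage, added here as an example (it is not code from the advisory or from Microsoft's research): keyword-stuffed decoy PDFs have a recognizable shape, a short vocabulary repeated many times plus an outbound link. The script below builds two constructed sample PDFs, one stuffed and one ordinary, extracts their visible text and /URI link annotations with regexes over uncompressed content streams, and flags documents whose text is dominated by a handful of repeated words and that carry a link. The sample text, hosts and thresholds are all assumptions chosen for the example; real lures are usually FlateDecode-compressed, so a production tool should decompress with a proper PDF parser (e.g. pypdf) before applying the same heuristic.

```python
"""Heuristic triage of SEO-keyword-stuffed PDF lures (added example)."""
import re
from collections import Counter
from dataclasses import dataclass

# Matches "(text) Tj" show-text operators and "/URI (link)" annotation
# entries in an *uncompressed* content stream / object dictionary.
_TJ = re.compile(rb"\(((?:[^()\\]|\\.)*)\)\s*Tj")
_URI = re.compile(rb"/URI\s*\(((?:[^()\\]|\\.)*)\)")


def build_pdf(lines, uri=None):
    """Assemble a minimal uncompressed PDF body for the extractor below.
    It omits the xref table, so it is parser food for this example rather
    than a viewer-ready file."""
    content = (b"BT /F1 12 Tf "
               + b" ".join(b"(" + l.encode() + b") Tj" for l in lines)
               + b" ET")
    annot = b""
    if uri:
        annot = (b"/Annots [<< /Type /Annot /Subtype /Link /Rect [0 0 100 20] "
                 b"/A << /S /URI /URI (" + uri.encode() + b") >> >>]")
    return (b"%PDF-1.4\n"
            b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
            b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
            b"3 0 obj << /Type /Page /Parent 2 0 R /Contents 4 0 R "
            + annot + b" >> endobj\n"
            b"4 0 obj << /Length " + str(len(content)).encode()
            + b" >> stream\n" + content + b"\nendstream endobj\n%%EOF\n")


def extract_text(pdf):
    """Visible text from uncompressed Tj operators, joined with spaces."""
    return " ".join(m.decode("latin-1") for m in _TJ.findall(pdf))


def extract_uris(pdf):
    """Outbound link targets from /URI annotations."""
    return [m.decode("latin-1") for m in _URI.findall(pdf)]


@dataclass
class Verdict:
    tokens: int        # total words in the visible text
    distinct: int      # distinct words
    top_share: float   # fraction of all words taken by the 4 most common
    uris: list
    suspicious: bool


def triage(pdf, min_tokens=50, max_diversity=0.25, min_top_share=0.6):
    """Flag a PDF as a probable SEO-stuffed lure when it has enough text,
    a very small vocabulary relative to its length, a few words dominating
    the text, and at least one outbound link. Thresholds are assumptions."""
    words = re.findall(r"[a-z0-9]+", extract_text(pdf).lower())
    uris = extract_uris(pdf)
    n = len(words)
    if n == 0:
        return Verdict(0, 0, 0.0, uris, False)
    counts = Counter(words)
    top_share = sum(c for _, c in counts.most_common(4)) / n
    diversity = len(counts) / n
    suspicious = (n >= min_tokens and diversity <= max_diversity
                  and top_share >= min_top_share and bool(uris))
    return Verdict(n, len(counts), top_share, uris, suspicious)


# Constructed samples (hypothetical text and hosts, not real SolarMarker lures).
STUFFED = build_pdf(["free pdf template download"] * 40
                    + ["click here to open the document"],
                    uri="https://drive-share.example/open?id=1")

BENIGN = build_pdf([
    "This quarterly report summarizes revenue, operating expenses and "
    "headcount across the three regional offices.",
    "Sales grew modestly while marketing spend was flat; engineering hired "
    "four people in Berlin and two in Toronto.",
    "The appendix lists open vendor invoices and the renewal dates for each "
    "software subscription we currently hold.",
    "Questions should go to the finance mailbox before the board meeting "
    "next Thursday.",
], uri="https://intranet.example/reports/q2.pdf")


if __name__ == "__main__":
    for name, doc in (("stuffed", STUFFED), ("benign", BENIGN)):
        print(name, triage(doc))
```

The check is deliberately coarse: it is a triage filter for a mail gateway or a sandbox pre-filter, not a classifier. Legitimate documents with a high link count and repetitive text (price lists, index pages) will trip it, so route hits to analysis rather than blocking on them, and pair the vocabulary heuristic with reputation checks on the link hosts.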
