Cybercriminals leveraging the SolarMarker .NET-based backdoor are using a technique called SEO poisoning to drive malicious payloads into victims’ systems so they can gain access to the credentials and data within.
According to researchers at Menlo Security, the SolarMarker campaign is one of two such efforts they’ve seen in recent months using SEO poisoning to deceive users and get them to download the malicious payload into their systems. They’re also the latest examples of bad actors both using supply chain types of attacks and looking to take advantage of an IT world that is continuing to decentralize as enterprises migrate more workloads and data to the cloud and more people work remotely.
The SolarMarker campaign is another indication of the growing use of the remote access Trojan (RAT), which has been linked to other breaches and previously has been seen to use SEO poisoning tactics.
“In addition to SolarMarker, the Menlo Labs team has seen a rise in attacks designed to target users, as opposed to organizations, bypassing traditional security measures,” the researchers wrote in a blog post this week. “These types of highly evasive attacks have been seen before, but the velocity, volume, and complexity of this new wave has increased in recent months.”
Compromising Devices through Search Results
Hackers are “exploiting the new world order in which the lines between business and personal device use are blurred,” they wrote. “In these attacks, threat actors turn...
Read Full Story: https://www.esecurityplanet.com/threats/solarmarker-attackers-use-seo-poisoning-to-push-malicious-code/
Your content is great. However, if any of the content contained herein violates any rights of yours, including those of copyright, please contact us immediately by e-mail at media[@]kissrpr.com.
