SolarMarker malware spread through advanced SEO poisoning - TechTarget

A malware actor used their own brand of SEO poisoning to distribute malicious files, according to research published Tuesday by Sophos.

Sophos' latest report concerns SolarMarker, a backdoor and information-stealing malware that was initially detected in late 2020. The malware was typically installed when victims visited a Google search result that had been planted near the top of the results through the threat actors' search engine optimization (SEO) poisoning. These links are designed to get a user to download a fake Windows installer that runs a PowerShell script.

While SEO poisoning itself is a well-known technique, the effectiveness of this particular approach is one thing that makes this campaign stand out, Sophos said in its report.

"These SEO efforts, which leveraged a combination of Google Groups discussions and deceptive web pages and PDF documents hosted on compromised (usually WordPress) websites, were so effective that the SolarMarker lures were usually at or near the top of search results for phrases the SolarMarker actors targeted," the report read.

SophosLabs senior threat researcher Sean Gallagher, who co-authored the report, said one reason this is unusual is that a significant amount of SEO poisoning comes from "downloader-as-a-service" operations and not individual operators.

"SEO poisoning used to be a lot more common of a technique, but it's been much more rare recently because it's not as effective for targeted attacks," he told SearchSecurity. "Most of the...
Read Full Story: https://www.techtarget.com/searchsecurity/news/252512840/SolarMarker-malware-spread-through-advanced-SEO-poisoning