1 2 Ambtion.com 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 Ambtion.com 279 280 281 Advertise Free on Auto-pilot!
Watch the latest videos on YouTube.com
newgoldenjewels: SolarMarker Malware Uses Novel Techniques To Persist On Hacked Systems

Tuesday, May 30, 2023

SolarMarker Malware Uses Novel Techniques To Persist On Hacked Systems

 In a sign that threat actors continuously shift tactics and update their defensive measures, the operators of the SolarMarker information stealer and backdoor have been found leveraging stealthy Windows Registry tricks to establish long-term persistence on compromised systems.

Cybersecurity firm Sophos, which spotted the new behavior, said that the remote access implants are still being detected on targeted networks despite the campaign witnessing a decline in November 2021.

Boasting of information harvesting and backdoor capabilities, the .NET-based malware has been linked to at least three different attack waves in 2021. The first set, reported in April, took advantage of search engine poisoning techniques to trick business professionals into visiting sketchy Google sites that installed SolarMarker on the victim's machines.

Then in August, the malware was observed targeting healthcare and education sectors with the goal of gathering credentials and sensitive information. Subsequent infection chains documented by Morphisec in September 2021 highlighted the use of MSI installers to ensure the delivery of the malware.

The SolarMarker modus operandi commences with redirecting victims to decoy sites that drop the MSI installer payloads, which, while executing seemingly legitimate install programs such as Adobe Acrobat Pro DC, Wondershare PDFelement, or Nitro Pro, also launches a PowerShell script to deploy the malware.


"These SEO efforts, which leveraged a combination of Google Groups discussions and deceptive web pages and PDF documents hosted on compromised (usually WordPress) websites, were so effective that the SolarMarker lures were usually at or near the top of search results for phrases the SolarMarker actors targeted," Sophos researchers Gabor Szappanos and Sean Gallagher said in a report shared with The Hacker News.

The PowerShell installer is designed to alter the Windows Registry and drop a .LNK file into Windows' startup directory to establish persistence. This unauthorized change results in the malware getting loaded from an encrypted payload hidden amongst what the researchers called a "smokescreen" of 100 to 300 junk files created specifically for this purpose.

"Normally, one would expect this linked file to be an executable or script file," the researchers detailed. "But for these SolarMarker campaigns the linked file is one of the random junk files, and cannot be executed itself."

What's more, the unique and random file extension used for the linked junk file is utilized to create a custom file type key, which is ultimately employed to execute the malware during system startup by running a PowerShell command from the Registry.

The backdoor, for its part, is ever-evolving, featuring an array of functionalities that allow it to steal information from web browsers, facilitate cryptocurrency theft, and execute arbitrary commands and binaries, the results of which are exfiltrated back to a remote server.

"Another important takeaway […], which was also seen in the ProxyLogon vulnerabilities targeting Exchange servers, is that defenders should always check whether attackers have left something behind in the network that they can return to later," Gallagher said. "For ProxyLogon this was web shells, for SolarMarker this is a stealthy and persistent backdoor that according to Sophos telematics is still active months after the campaign ended."

Related articles
  1. Hack Tools Github
  2. Hacking Tools 2019
  3. Pentest Tools Open Source
  4. Hacking Tools Hardware
  5. Hacking Tools 2019
  6. Computer Hacker
  7. Tools 4 Hack
  8. Hackrf Tools
  9. Hack Tools For Ubuntu
  10. Pentest Tools Android
  11. Pentest Box Tools Download
  12. Hacker Tools Mac
  13. Hack Rom Tools
  14. New Hack Tools
  15. Game Hacking
  16. Ethical Hacker Tools
  17. Hacker
  18. Hack Tools For Ubuntu
  19. Hacker Tools Apk
  20. Hacker Tools Free Download
  21. Hack And Tools
  22. Hacking Tools Windows 10
  23. Hacking Tools For Pc
  24. Hacking Tools For Games
  25. Hacker Tools For Pc
  26. Pentest Tools Android
  27. Termux Hacking Tools 2019
  28. Tools Used For Hacking
  29. Pentest Tools Bluekeep
  30. Hack Tools Pc
  31. Pentest Tools Open Source
  32. Game Hacking
  33. Pentest Tools Port Scanner
  34. Hacker Tools 2019
  35. Hack App
  36. Hacker Tools Apk
  37. Hacker Tools Github
  38. Physical Pentest Tools
  39. Hack And Tools
  40. How To Hack
  41. New Hacker Tools
  42. Top Pentest Tools
  43. Pentest Tools For Mac
  44. Best Pentesting Tools 2018
  45. Hacking Tools Mac
  46. Hack Website Online Tool
  47. Pentest Recon Tools
  48. Pentest Tools Android
  49. Best Hacking Tools 2019
  50. How To Hack
  51. Tools 4 Hack
  52. Hacker Tools List
  53. Hacking Tools Download
  54. Hacking Tools Windows
  55. Game Hacking
  56. Hacker Security Tools
  57. Best Hacking Tools 2019
  58. Top Pentest Tools
  59. What Is Hacking Tools
  60. Hacking Tools Windows
  61. How To Hack
  62. Hacking Tools And Software
  63. Hacking Apps
  64. Hacking Tools For Pc
  65. Pentest Tools Url Fuzzer
  66. Termux Hacking Tools 2019
  67. Pentest Tools List
  68. Wifi Hacker Tools For Windows
  69. Hacker Search Tools
  70. Hacker Techniques Tools And Incident Handling
  71. Pentest Tools
  72. Pentest Tools
  73. Pentest Tools Kali Linux
  74. Pentest Automation Tools
  75. Hacker Tools Windows
  76. Tools For Hacker
  77. Hacker Tools For Ios
  78. Hacker Tools Apk
  79. Tools For Hacker
  80. Physical Pentest Tools
  81. Termux Hacking Tools 2019
  82. Tools For Hacker
  83. Hack Tools For Windows
  84. Hack And Tools
  85. Hacking Tools For Beginners
  86. Hack Tools Github
  87. Pentest Tools Website Vulnerability
  88. Pentest Tools Nmap
  89. Hackers Toolbox
  90. Hacking Tools For Mac
  91. Hack Tools Online
  92. Pentest Tools Subdomain
  93. Hacker Tools Hardware
  94. Hack Tools For Games
  95. Tools Used For Hacking
  96. Wifi Hacker Tools For Windows
  97. Pentest Tools Apk
  98. Hack Tools For Mac
  99. Hack Tools For Mac
  100. Pentest Tools Nmap
  101. Tools For Hacker
  102. Hack Website Online Tool
  103. Pentest Tools For Ubuntu
  104. Pentest Tools Website Vulnerability
  105. Hacking Tools Software
  106. Pentest Tools Linux
  107. Hacker
  108. Hack Tools Github
  109. Pentest Tools Find Subdomains
  110. Hacker Tools For Ios
  111. Underground Hacker Sites
  112. How To Make Hacking Tools
  113. Tools 4 Hack
  114. Pentest Tools Alternative
  115. Hacking Tools
  116. Hacker Tools Mac
  117. Hack And Tools
  118. Hacker Tools Online
  119. Pentest Tools Windows
  120. Game Hacking
  121. Hack Tools For Mac
  122. Tools For Hacker
  123. Pentest Tools Android
  124. Hacking Tools
  125. Hacking Tools And Software
  126. Pentest Tools Apk
  127. Pentest Tools Online
  128. Hacking Tools For Beginners
  129. World No 1 Hacker Software
  130. Hacker Tools 2020
  131. Hak5 Tools
  132. Hacking Tools For Windows 7
  133. Hacker Tools List
  134. Hacker Tools Free
  135. Nsa Hack Tools
  136. Pentest Tools Apk
  137. Hacking Tools Software
  138. Pentest Reporting Tools
  139. Hacking Tools Download
  140. Hacker Tools Apk Download
  141. Pentest Tools Nmap
  142. Hacking Tools Software
  143. Hacking Tools
  144. Nsa Hacker Tools
  145. Hacking Apps
  146. Easy Hack Tools
  147. Best Pentesting Tools 2018
  148. Hacker Hardware Tools
  149. Pentest Tools Open Source
  150. Pentest Recon Tools
  151. Hacking Tools For Windows 7
  152. Pentest Tools Github
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)