Solarmarker Malware; Old Methods, New Targets

Solarmarker, a malware campaign active since September 2020, has grabbed headlines again. Cisco researchers have warned users about the Solarmarker malware, which has now evolved into a potential information stealer and keylogger. The researchers have continued analyzing the malware for new information, as it had already gained attention during previous campaigns.

This malware campaign has become a threat to the educational and healthcare industries in particular. Reports suggest that these attacks are managed by “fairly sophisticated” actors focusing on credential harvesting. However, they are using the same technique as in the previous campaign, SEO poisoning, which makes their dropper files highly visible in search results.

The Microsoft Security Intelligence team disclosed that “Operators of the malware are aiming to find new success using an old technique: SEO poisoning.”

This malware highlights the importance of web application penetration testing, especially for the sectors such malware targets. To defend against SEO poisoning, we need to maintain end-user security solutions and keep our websites and web applications free of web vulnerabilities.