Everyone has heard about computer viruses and malware, but most users don’t understand what they are or how they work. That doesn’t stop hackers from refining their techniques to get as much as possible out of your computer. In this regard, Microsoft recently described a new malware threat. SolarMarker is a new kind of malware, but it uses an old and devious method to implant its code onto victims’ computers.
The method Microsoft security experts were talking about is “SEO poisoning.” As the Redmond-based company explains, it involves “stuffing” thousands of PDF documents with SEO keywords and links which start a cascade of redirections that eventually leads the unsuspecting user to malware. “The attack works by using PDF documents designed to rank on search results,” Microsoft Security Intelligence explained on Twitter in recent days. “To achieve this, attackers padded these documents with >10 pages of keywords on a wide range of topics, from ‘insurance form’ and ‘acceptance of contract’ to ‘how to join in SQL’ and ‘math answers.’”
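To illustrate the pattern described above from the defender’s side, here is an added example (not code from Microsoft, eSentire or this article) that triages a PDF by checking for the traits of such lures: many pages of short keyword-like strings plus external links. The thresholds, the regex-based parsing and the constructed sample PDF are assumptions; a real lure would normally be inspected with a full PDF parser.

```python
import re
import zlib

# Triage heuristics for PDFs used as SEO-poisoning lures. The thresholds below
# are assumptions for this example, not figures from Microsoft's or eSentire's reports.
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
TEXT_RE = re.compile(rb"\(([^)]*)\)\s*Tj")
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")
PAGE_RE = re.compile(rb"/Type\s*/Page\b")  # \b keeps /Pages from matching


def extract_strings(pdf):
    """Return the string operands of every Tj operator, inflating Flate streams first."""
    strings = []
    for m in STREAM_RE.finditer(pdf):
        data = m.group(1)
        try:
            data = zlib.decompress(data)
        except zlib.error:
            pass  # stream was not Flate-compressed; scan it as-is
        strings += [s.decode("latin-1") for s in TEXT_RE.findall(data)]
    return strings


def triage_pdf(pdf, min_pages=10, max_words=5, min_links=1):
    """Flag a PDF as a likely keyword-padded lure when it is long, consists of
    short keyword-like strings, and carries external links (assumed thresholds).
    Caveat: links stored inside object streams are not seen by this regex scan."""
    strings = extract_strings(pdf)
    links = [u.decode("latin-1") for u in URI_RE.findall(pdf)]
    external = [u for u in links if u.startswith(("http://", "https://"))]
    pages = len(PAGE_RE.findall(pdf))
    avg_words = sum(len(s.split()) for s in strings) / len(strings) if strings else 0.0
    suspicious = pages > min_pages and avg_words <= max_words and len(external) >= min_links
    return {"pages": pages, "strings": len(strings), "avg_words": avg_words,
            "external_links": external, "suspicious": suspicious}


def build_sample_pdf(pages, keywords, uri):
    """Constructed sample input: a minimal PDF (xref table omitted, enough for the
    scanner above) where every page is a Flate-compressed list of keyword lines
    plus one link annotation pointing at `uri`."""
    content = b"BT /F1 12 Tf " + b" ".join(b"(%s) Tj T*" % k.encode() for k in keywords) + b" ET"
    stream = zlib.compress(content)
    objs = [b"<< /Type /Catalog >>", b"<< /Type /Pages /Count %d >>" % pages]
    for _ in range(pages):
        objs.append(b"<< /Type /Page /Annots [<< /A << /S /URI /URI (%s) >> >>] >>" % uri.encode())
        objs.append(b"<< /Length %d /Filter /FlateDecode >>\nstream\n%s\nendstream" % (len(stream), stream))
    body = b"".join(b"%d 0 obj\n%s\nendobj\n" % (i + 1, o) for i, o in enumerate(objs))
    return b"%PDF-1.4\n" + body + b"%%EOF\n"
```

Running `triage_pdf` over a twelve-page sample built from the keyword phrases quoted above marks it suspicious, while a two-page invoice with full sentences and a mailto link does not.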
The attackers previously used Google Sites to host those malicious PDF files, but they have now begun using Amazon Web Services and Strikingly for this purpose.
How Does SolarMarker Steal User Data?
Below, you can find eSentire’s explanation of how the process works.
Business professionals are “being lured to hacker-controlled websites, hosted on Google Sites, and inadvertently installing a known, emerging Remote Access Trojan (RAT) … The attack starts with the potential victim performing a search for business forms such as invoices, questionnaires, and receipts.” The campaign, eSentire continues, lays out traps using Google search redirection, and once the RAT has been activated on a victim’s computer, “the threat actors can send commands and upload additional malware to the infected system,” including ransomware.
As said, the malware in question is known as SolarMarker. It is a backdoor that can steal data and credentials from browsers. The first recommendation for protecting your data is to make sure you are running the latest version of your operating system, which should include the most up-to-date security measures. Microsoft, at least, holds that this is the best way to fight the so-called “SEO poisoning” technique. Microsoft Defender Antivirus detects and blocks “thousands of these PDF documents in numerous environments.”
Anyway, every day we hear about leaks and hacker-sold packages of user data. The latest and biggest such data set holds information on about 8.4 billion users, so the big companies and governments need to find a way to counter this.