Cybersecurity researchers have disclosed an advanced version of the SolarMarker malware that incorporates new improvements intended to strengthen its defence evasion capabilities and keep it under the radar.
“The recent version demonstrated an evolution from Windows Portable Executables (EXE files) to working with Windows installer package files (MSI files),” Palo Alto Networks Unit 42 researchers said in a report published this month. “This campaign is still in development and going back to using executable files (EXE) as it did in its earlier versions.”
SolarMarker, also called Jupyter, relies on manipulated search engine optimization (SEO) tactics as its primary infection vector. It is known for its information-stealing and backdoor features, which enable the attackers to steal data stored in web browsers and execute arbitrary commands retrieved from a remote server.
In February 2022, the operators of SolarMarker were observed using stealthy Windows Registry tricks to establish long-term persistence on compromised systems.