The hackers behind the malware called SolarMarker have begun using an innovative and unexpected means of distributing their poisoned code.

They’ve started publishing PDF documents filled with SEO (Search Engine Optimization) keywords in a bid to boost the visibility of malicious websites that pose as Google Drive but are, in fact, simply repositories for the malware itself.

A potential victim may get an email containing a PDF promising detailed information on attractive insurance rates or attractive credit card deals. Clicking on the links in the PDF will redirect the victim to a site designed to look like Google Drive, with instructions to download a different file on the drive. It is the act of clicking the file on the drive that dooms the user.

SEO is a tried and true marketing tactic used by legitimate business owners to drive traffic to their sites, co-opted, in this case, for a nefarious purpose. Unfortunately, it has proven to be wildly effective thus far.

As to the malware itself, SolarMarker is a backdoor malware that steals login credentials and other data from web browsers. So it’s not harmful on its own, but it makes it easier for the hackers controlling it to introduce damaging malware down the road and/or steal a victim’s identity.

CrowdStrike was the first company to sound the alarm, after its researchers discovered the unusual marketing campaign for the malware. Note that thus far, at least, SolarMarker’s makers seem to have focused the bulk of their attention on North America.

PDFs have been used for a very long time to deliver malicious payloads, but the unusual methodology used here makes this attack noteworthy. Be on your guard against any PDFs you or your staff receive from unknown, untrusted sources. Clicking links embedded in those files may net you much more than you bargained for, and not in a good way.

Used with permission from Article Aggregator
