SolarMarker Malware Still Active on Compromised Systems? Experts Explain Why It's Alarming

SolarMarker malware is now worrying cybersecurity experts because of its severity. Researchers say the malware is shifting its tactics, using stealthy tricks to establish long-term persistence on breached systems.


The security firm Sophos was the first to notice the increased activity of the threat actors behind this malware. The company has now found that some of SolarMarker's remote access implants are still active on recently targeted networks.

They found the malicious components on compromised systems even though the campaign itself had been inactive since November 2021.

SolarMarker Malware's Linkage To Other Attacks

According to The Hacker News' latest report, SolarMarker malware has been linked to three different security attacks. The first one was the breach back in April 2021.


That attack fooled business professionals into clicking malicious Google search results that led to pages hosting SolarMarker installers.

Another attack linked to the malware harvested sensitive user data from organizations in the healthcare and education sectors.

"These SEO efforts, which leveraged a combination of Google Groups discussions and deceptive web pages and PDF documents hosted on compromised (usually WordPress) websites, were so effective," said Gabor Szappanos, a Sophos researcher.

He added that this approach lets the SolarMarker operators place their pages at the top of search results, which is what lures victims in.

Other Severe Malware

Malware and other malicious content are being deployed by various hacking groups and independent cybercriminals.

Aside from SolarMarker, an Android malware campaign has also alarmed security experts. Ars Technica reported that it can factory-reset victims' smartphones after draining their bank accounts.

This means it can take a long time before victims realize that their online bank accounts were actually breached.

In other news, an Apple executive shared the iPhone maker's data minimization plans to celebrate Data Privacy Day 2022. Meanwhile, a fake 2FA authenticator app was downloaded around 10,000 times.

For more news updates about the SolarMarker malware and other security threats, always keep your tabs open here at TechTimes.

This article is owned by TechTimes

Written by: Griffin Davis

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.