SolarMarker Using Watering Hole Attacks and Fake Chrome Browser Updates, Infects Business Professionals

Researchers have uncovered the cyberattack group behind the SolarMarker malware, which is targeting a global tax consulting firm with offices in the United States, Canada, the United Kingdom, and Europe. The group is delivering fake Chrome browser updates through watering hole attacks. This is a fresh approach for the group, replacing its previous method of SEO poisoning, also known as spamdexing.

SolarMarker is a multistage malware that can steal autofill data, saved passwords, and credit card information from victims’ browsers. According to an advisory issued on Friday by eSentire’s Threat Response Unit (TRU), the threat group was observed exploiting vulnerabilities in a medical equipment manufacturer’s website, which was built with the popular open-source content management system WordPress. The victim worked for a tax consulting firm and used Google to look up the manufacturer’s name.

“This tricked the employee into downloading and executing SolarMarker, which was disguised as a Chrome update,” the advisory noted.

“The fake browser update overlay design is based on what browser the victim is utilizing while visiting the infected website,” the advisory added. “Besides Chrome, the user might also receive the fake Firefox or Edge update PHP page.”

Considering that the TRU team has only witnessed a single infection of this vector type, it is unclear whether the SolarMarker group is testing new tactics or preparing for a larger campaign. Previous SolarMarker attacks used SEO poisoning to target people who searched online for free templates of popular business documents and business forms.

Increase Employee Awareness by Monitoring Endpoints

The TRU advisory outlines four key steps organisations can take to mitigate the impact of these types of attacks, including increasing employee awareness of automatic browser updates and avoiding downloading files from unknown sites.

“Threat actors research the kind of documents businesses look for and try to get in front of them with SEO,” the advisory stated. “Only use trusted sources when downloading content from the internet, and avoid free and bundled software.”


Hosted by
News Room
