



Hackers are using an old but devious trick to spread new malware

June 15th, 2021 at 4:47 PM

Microsoft security experts are sounding the alarm on a new malware threat that uses an old but devious method to implant its code onto victims’ computers.

It seems that the malware operators behind SolarMarker are finding new success with an old trick called “SEO poisoning.” Basically, according to Microsoft, this involves “stuffing” thousands of PDF documents with SEO keywords and links which start a cascade of redirections that eventually leads the unsuspecting user to malware. “The attack works by using PDF documents designed to rank on search results,” Microsoft Security Intelligence explained on Twitter in recent days. “To achieve this, attackers padded these documents with >10 pages of keywords on a wide range of topics, from ‘insurance form’ and ‘acceptance of contract’ to ‘how to join in SQL’ and ‘math answers.’”
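A triage heuristic for the padded PDFs Microsoft describes, as an added example that is not code from the article, Microsoft or eSentire. It assumes per-page text and the number of link annotations were already extracted by another tool; the function names, stopword list, thresholds and sample pages are illustrative assumptions.

```python
import re

# Common English function words. Ordinary prose is dense with them;
# pages that are just lists of search keywords are not.
STOPWORDS = frozenset(
    "a an and are as at be by for from has have in is it of on or that the "
    "this to was were will with you your".split()
)
MIN_TOKENS = 30            # assumption: skip near-empty pages
MAX_STOPWORD_RATIO = 0.30  # assumption: at or below this, a page reads as a keyword list
MIN_STUFFED_PAGES = 11     # the article quotes ">10 pages of keywords"

def stopword_ratio(text):
    """Fraction of tokens that are function words, or None for short pages."""
    tokens = re.findall(r"[a-z']+", text.lower())
    if len(tokens) < MIN_TOKENS:
        return None
    return sum(t in STOPWORDS for t in tokens) / len(tokens)

def assess_pdf(pages, link_count):
    """pages: extracted text per page; link_count: link annotations in the file."""
    stuffed = []
    for number, text in enumerate(pages, start=1):
        ratio = stopword_ratio(text)
        if ratio is not None and ratio <= MAX_STOPWORD_RATIO:
            stuffed.append(number)
    # Padding alone is only odd; padding plus an outbound link matches the lure.
    suspicious = len(stuffed) >= MIN_STUFFED_PAGES and link_count > 0
    return {"stuffed_pages": stuffed, "suspicious": suspicious}

# Constructed sample pages (not taken from any real lure document).
KEYWORD_PAGE = ("insurance form template acceptance of contract sample how to "
                "join in SQL math answers invoice receipt questionnaire ") * 3
PROSE_PAGE = ("This invoice is issued to the customer for services provided in "
              "May and is payable within thirty days of the date on the invoice. ") * 2

if __name__ == "__main__":
    lure = [PROSE_PAGE] + [KEYWORD_PAGE] * 12
    print(assess_pdf(lure, link_count=1))
    print(assess_pdf([PROSE_PAGE] * 14, link_count=1))
```

A hit is a reason to inspect where the document's links lead, not a verdict: glossaries and indexes are also low on function words.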


Microsoft continues by pointing to an eSentire blog post, which noted that these attackers have in the past used Google sites to host these infected documents, while in recent campaigns Microsoft researchers have noticed the attackers shift to Amazon Web Services and Strikingly.

Here’s how eSentire, which is a cybersecurity vendor, explains the way the process has worked, at least in recent weeks:

Business professionals are “being lured to hacker-controlled websites, hosted on Google Sites, and inadvertently installing a known, emerging Remote Access Trojan (RAT) … The attack starts with the potential victim performing a search for business forms such as invoices, questionnaires, and receipts.” The campaign, eSentire continues, lays out traps using Google search redirection, and once the RAT has been activated on a victim’s computer, “the threat actors can send commands and upload additional malware to the infected system,” including ransomware.

Microsoft notes that SolarMarker, the malware mentioned above, is a backdoor that steals data and credentials from browsers. This is yet another devious threat to be aware of, and another reminder to make sure you’re running the latest version of your operating system that includes the most up-to-date security measures, given that Microsoft has said this so-called “SEO poisoning” technique seems to be pretty effective. That’s evident because Microsoft Defender Antivirus continues to detect and block “thousands of these PDF documents in numerous environments,” according to the company.

eSentire manager of threat intelligence Spence Hutchinson told ThreatPost in April that security leaders and their teams need to know that the group behind SolarMarker has gone to a lot of trouble to compromise business professionals, “spreading a wide net and using many tactics to successfully disguise their traps.”


Andy is a reporter in Memphis who also contributes to outlets like Fast Company and The Guardian. When he’s not writing about technology, he can be found hunched protectively over his burgeoning collection of vinyl, as well as nursing his Whovianism and bingeing on a variety of TV shows you probably don’t like.



