
Solarmarker InfoStealer Malware Once Again Making its Way Into the Wild
2021-08-02 03:07

.NET-based information stealer and keylogger, charting the course for the threat actor's continued evolution while simultaneously remaining under the radar.

Dubbed "Solarmarker," the malware campaign is believed to be active since September 2020, with telemetry data pointing to malicious actions as early as April 2020, according to Cisco Talos.

"At its core, the Solarmarker campaign appears to be conducted by a fairly sophisticated actor largely focused on credential and residual information theft," Talos researchers Andrew Windsor and Chris Neal said in a technical write-up published last week.

"Operators of the malware known as SolarMarker, Jupyter, [and] other names are aiming to find new success using an old technique: SEO poisoning," the Microsoft Security Intelligence team disclosed in June.

Talos' static and dynamic analysis of Solarmarker's artifacts points to a Russian-speaking adversary, although the threat intelligence group suspects the malware creators could have intentionally designed them in such a manner in an attempt to mislead attribution.

"The actor behind the Solarmarker campaign possesses moderate to advanced capabilities," the researchers concluded.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/kwrsdvGD34A/solarmarker-infostealer-malware-once.html