New SolarMarker Malware Variant Using Updated Techniques to Stay Under the Radar

Cybersecurity researchers have disclosed a new version of the SolarMarker malware that packs in new improvements with the goal of updating its defense evasion abilities and staying under the radar.
"This campaign is still in development and going back to using executable files as it did in its earlier versions."
In February 2022, the operators of SolarMarker were observed using stealthy Windows Registry tricks to establish long-term persistence on compromised systems.
The large file size not only allows the initial-stage dropper to avoid automated analysis by antivirus engines; the dropper is also designed to download and install the legitimate program while, in the background, it triggers a PowerShell installer that deploys the SolarMarker malware.
A .NET-based payload, the SolarMarker backdoor is equipped with capabilities to conduct internal reconnaissance and harvest system metadata, all of which is exfiltrated to the remote server over an encrypted channel.
"The malware invests significant effort into defense evasion, which consists of techniques like signed files, huge files, impersonation of legitimate software installations and obfuscated PowerShell scripts," the researchers said.
News URL: https://thehackernews.com/2022/04/new-solarmarker-malware-variant-using.html