Criminals Use Fake Websites to Spread the SolarMarker RAT

An unknown group of cybercriminals has organized a large-scale campaign that distributes malware tracked under the alias SolarMarker RAT. Typically, cybercriminals rely on multiple approaches to reach their targets, but the crooks behind this SolarMarker RAT campaign have opted to use a unique approach. They have set up thousands of fake websites that are easy to find through an online search. This was achieved by employing a wide range of search engine optimization (SEO) tactics meant to take the websites to the top of search results for specific terms.

It seems that the websites linked to SolarMarker RAT are exploiting keywords that are likely to be used by businesses and companies – for example, many of the websites are found when searching for CVs, invoices, document templates, and similar content. However, instead of downloading a legitimate document, visitors may end up interacting with a malicious file meant to deploy the SolarMarker RAT.

This Remote Access Trojan (RAT) lets its operators perform all sorts of tasks on the compromised system, including installing additional malware. Since the SolarMarker RAT targets businesses, the criminals are likely to try to obtain confidential information or to extort the victim for money by installing ransomware.

The SolarMarker RAT campaign shows how creative cybercriminals can be when spreading their malicious software. You should always be careful when searching for files to download from the Internet, since it may be very easy to stumble across a potentially malicious website. The SolarMarker RAT is being hosted on thousands of custom-built pages posing as legitimate sources of templates, documents, and similar files. The best way to make sure that you will never end up running malware by accident is to protect your computer with a reputable antivirus software suite.

April 15, 2021
