Attackers Behind SolarMarker Backdoor Use PDF Documents with SEO Keywords to Lure Users

Attackers behind the malware known as SolarMarker are using PDF documents filled with search engine optimization (SEO) keywords to boost their visibility on search engines in order to lead potential victims to malware on a malicious site that poses as Google Drive. 



According to Microsoft, SolarMarker is a backdoor malware that steals data and credentials from browsers. 


SEO poisoning is an old-school technique that uses search engines to spread malware. In this case, the attackers are using thousands of PDFs filled with keywords and links that redirect the unwary across multiple sites towards one that installs the malware. 



"The attack works by using PDF documents designed to rank on search results. To achieve this, attackers padded these documents with >10 pages of keywords on a wide range of topics, from "insurance form" and "acceptance of contract" to "how to join in SQL" and "math answers"," said Microsoft Security Intelligence in a tweet.    


CrowdStrike raised an alarm about SolarMarker in February for using the same SEO poisoning tactics. The malware predominantly targeted users in North America.


The attackers were hosting pages on Google Sites as lures for the malicious downloads. The sites were promoting document downloads and were often highly ranked in search results, again to boost search ranking. 

Microsoft researchers found the attackers have started using Amazon Web Services (AWS) and Strikingly's service as well as Google ..
