Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

SolarMarker Malware Evades Detection

May 21, 2024
Reading Time: 3 mins read
in Alerts
SolarMarker Malware Evades Detection

The SolarMarker malware, a persistent and sophisticated threat known by several names including Deimos and Jupyter Infostealer, has developed a multi-tiered infrastructure designed to thwart law enforcement takedown attempts. According to a recent report by Recorded Future, this infrastructure consists of at least two clusters: a primary one for active operations and a secondary one likely used for testing new strategies or targeting specific regions. This separation enables the malware to adapt and respond effectively to countermeasures, making it particularly difficult to eradicate.

Since its emergence in September 2020, SolarMarker has continuously evolved, enhancing its stealth capabilities and increasing its payload sizes. It leverages valid Authenticode certificates and novel Windows Registry changes to avoid detection, and it can run directly from memory rather than disk. SolarMarker primarily targets sectors such as education, government, healthcare, hospitality, and small to medium-sized enterprises. Infection methods include hosting the malware on bogus downloader sites and using SEO poisoning or malicious email links to lure victims.

SolarMarker’s infection process begins with executables or Microsoft Software Installer files, which deploy a .NET-based backdoor responsible for downloading additional payloads to facilitate information theft. The malware also employs alternate sequences involving counterfeit installers that drop a legitimate application or decoy file while launching a PowerShell loader to execute the backdoor in memory. Recently, SolarMarker attacks have also included a Delphi-based hVNC backdoor called SolarPhantom, enabling remote control of victim machines without their knowledge.

Recorded Future’s investigation into the malware’s command-and-control (C2) servers revealed a multi-tiered architecture with four levels. Tier 1 servers communicate directly with victim machines and connect to Tier 2 servers via port 443. This communication pattern continues up to Tier 4 servers, which serve as the central administration point for downstream servers. Additionally, Tier 4 servers communicate with an auxiliary server via port 8033, possibly for monitoring purposes. The sophisticated structure of SolarMarker underscores the significant challenge it poses to cybersecurity efforts.

Reference:

  • SolarMarker Malware’s Evolving Infrastructure Thwarts Detection

Tags: Cyber AlertCyber Alerts 2024Cyber RiskCyber threatDeimosJupyter InfostealerMalwareMay 2024SolarMarker malware
ADVERTISEMENT

Related Posts

Russian APT28 Deploys Outlook Backdoor

SAP S4hana Exploited Vulnerability

September 5, 2025
Russian APT28 Deploys Outlook Backdoor

Virustotal Finds Undetected SVG Files

September 5, 2025
Russian APT28 Deploys Outlook Backdoor

Russian APT28 Deploys Outlook Backdoor

September 5, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

Lazarus Hackers Exploit ZeroDay, Deploy Rats

September 4, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

CISA Flags TP Link Router Flaws

September 4, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

Google Patches 120 Flaws In Android

September 4, 2025

Latest Alerts

SAP S4hana Exploited Vulnerability

Virustotal Finds Undetected SVG Files

Russian APT28 Deploys Outlook Backdoor

CISA Flags TP Link Router Flaws

Lazarus Hackers Exploit ZeroDay, Deploy Rats

Google Patches 120 Flaws In Android

Subscribe to our newsletter

    Latest Incidents

    North Korean Hackers Fake Interviews

    Bridgestone Confirms Cyberattack

    Cybersecurity Firms Hit By Breach

    Salesloft Drift Attacks Hits Vendors

    Jaguar Land Rover Hit By Cyber Incident

    Hackers Use Grok Ai To Spread Malware

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial