Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

SolarMarker Malware Evades Detection

May 21, 2024
Reading Time: 3 mins read
in Alerts
SolarMarker Malware Evades Detection

The SolarMarker malware, a persistent and sophisticated threat known by several names including Deimos and Jupyter Infostealer, has developed a multi-tiered infrastructure designed to thwart law enforcement takedown attempts. According to a recent report by Recorded Future, this infrastructure consists of at least two clusters: a primary one for active operations and a secondary one likely used for testing new strategies or targeting specific regions. This separation enables the malware to adapt and respond effectively to countermeasures, making it particularly difficult to eradicate.

Since its emergence in September 2020, SolarMarker has continuously evolved, enhancing its stealth capabilities and increasing its payload sizes. It leverages valid Authenticode certificates and novel Windows Registry changes to avoid detection, and it can run directly from memory rather than disk. SolarMarker primarily targets sectors such as education, government, healthcare, hospitality, and small to medium-sized enterprises. Infection methods include hosting the malware on bogus downloader sites and using SEO poisoning or malicious email links to lure victims.

SolarMarker’s infection process begins with executables or Microsoft Software Installer files, which deploy a .NET-based backdoor responsible for downloading additional payloads to facilitate information theft. The malware also employs alternate sequences involving counterfeit installers that drop a legitimate application or decoy file while launching a PowerShell loader to execute the backdoor in memory. Recently, SolarMarker attacks have also included a Delphi-based hVNC backdoor called SolarPhantom, enabling remote control of victim machines without their knowledge.

Recorded Future’s investigation into the malware’s command-and-control (C2) servers revealed a multi-tiered architecture with four levels. Tier 1 servers communicate directly with victim machines and connect to Tier 2 servers via port 443. This communication pattern continues up to Tier 4 servers, which serve as the central administration point for downstream servers. Additionally, Tier 4 servers communicate with an auxiliary server via port 8033, possibly for monitoring purposes. The sophisticated structure of SolarMarker underscores the significant challenge it poses to cybersecurity efforts.

Reference:

  • SolarMarker Malware’s Evolving Infrastructure Thwarts Detection

Tags: Cyber AlertCyber Alerts 2024Cyber RiskCyber threatDeimosJupyter InfostealerMalwareMay 2024SolarMarker malware
ADVERTISEMENT

Related Posts

Fake PyPI Login Site Steals Credentials

Fake PyPI Login Site Steals Credentials

September 26, 2025
Fake PyPI Login Site Steals Credentials

Google Warns of BRICKSTORM Malware

September 26, 2025
Fake PyPI Login Site Steals Credentials

Hidden WordPress Backdoors Create Admins

September 26, 2025
BadIIS Malware Spreads Via SEO Poisoning

Hackers Target AWS and Steal Credentials

September 24, 2025
BadIIS Malware Spreads Via SEO Poisoning

SonicWall SMA100 Update Removes Rootkit

September 24, 2025
BadIIS Malware Spreads Via SEO Poisoning

BadIIS Malware Spreads Via SEO Poisoning

September 24, 2025

Latest Alerts

Fake PyPI Login Site Steals Credentials

Google Warns of BRICKSTORM Malware

Hidden WordPress Backdoors Create Admins

Hackers Target AWS and Steal Credentials

SonicWall SMA100 Update Removes Rootkit

BadIIS Malware Spreads Via SEO Poisoning

Subscribe to our newsletter

    Latest Incidents

    Indian Bank Transfer Records Exposed

    Chinese Cyberspies Hit US Defense Firms

    Neon App Shuts Down After Data Leak

    Boyd Gaming Reports Data Breach After Attack

    Morrisroe UK Company Hit By Cyber Attack

    GeoServer Flaw Breaches US Agency Network

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial