SolarMarker Attack Leverages Weak WordPress Sites, Fake Chrome Browser Updates – DARKReading

The SolarMarker group is exploiting a vulnerable WordPress-run website to encourage victims to download fake Chrome browser updates, part of a new tactic in its watering-hole attacks.

Researchers have discovered the cyberattack group behind the SolarMarker malware targeting a global tax consulting organization with a presence in the US, Canada, the UK, and Europe, which is using fake Chrome browser updates as part of watering hole attacks.

It’s a new approach for the group, replacing its previous method of search engine optimization (SEO) poisoning, also known as spamdexing.

SolarMarker is multistage malware which can exfiltrate autofill data, saved passwords, and saved credit card information from victims’ Web browsers.

Preparation for a Wider Attack?

According to an advisory published by eSentire’s Threat Response Unit (TRU) on Friday, the threat group was seen exploiting weaknesses in a medical equipment manufacturer’s website, which was built with the popular open source content…

Read Full Story: https://www.darkreading.com/attacks-breaches/solarmarker-attack-wordpress-fake-chrome-browser-updates

The post SolarMarker Attack Leverages Weak WordPress Sites, Fake Chrome Browser Updates – DARKReading first appeared on SEO, Marketing and Social News | OneSEOCompany.com.

source: https://news.oneseocompany.com/2022/09/30/solarmarker-attack-leverages-weak-wordpress-sites-fake-chrome-browser-updates-darkreading_2022093031886.html

Your content is great. However, if any of the content contained herein violates any rights of yours, including those of copyright, please contact us immediately by e-mail at media[@]kissrpr.com.