Tweet
Cybercriminals are resorting to search engine poisoning techniques to lure business professionals into seemingly legitimate Google sites that install a Remote Access Trojan (RAT) capable of carrying out a wide range of attacks.
Once a victim lands on the attacker-controlled website and downloads the document being searched for, it becomes an entry point for more sophisticated threats, ultimately resulting in the installation of a .NET-based RAT called SolarMarker (aka Yellow Cockatoo, Jupyter, and Polazert).