Cybersecurity researchers from Palo Alto Networks disclosed a new version of the SolarMarker malware that implements new features to avoid detection.
SolarMarker (aka Jupyter, Polazert, and Yellow Cockatoo) is a fileless .NET RAT that implements backdoor capabilities and allows operators to steal credentials from web browsers. It gains persistence by adding itself to the Startup folder and modifying shortcuts on the victims’ desktop.
The RAT is also used to deliver other malicious payloads on the infected devices.