There’s a new wild kid on the threat block, called SolarSys. It is a sophisticated Trojan targeting banking customers with a multi-pronged approach to data theft. With a modular setup that includes JavaScript backdoors, mail worms, and stealthy spying tools, SolarSys is tough to detect—and tougher to stop.
How SolarSys Works
- Multi-Component Setup: SolarSys is built with specialized modules: JavaScript backdoors, email worms, and spying tools, each crafted to bypass security defenses and steal valuable data.
- Domain Generation Algorithm (DGA): Instead of relying on a fixed command-and-control address, the Trojan computes a stream of new candidate domains, so blocking any single domain does little; it can keep reaching its operators even as security vendors take individual domains down.
- Infection via Fake Installers: The Trojan disguises itself as legitimate applications (like Java) using fake MSI installers, which run malicious code to establish a backdoor for regular updates and persistent access.
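Because a DGA keeps rotating domains, blocklists lag behind; a more durable defensive check is to score the queried names themselves. The following is an added example, not code from the original article and not derived from SolarSys samples: a small heuristic scorer run over a few constructed DNS query log lines. The log format, the thresholds, and the domain names are all assumptions chosen for illustration; a real deployment would tune them against its own traffic.

```python
"""Heuristic DGA candidate detection over constructed DNS query log lines."""
import math
from collections import Counter

# Constructed sample log (timestamp, client IP, queried name); not real traffic.
SAMPLE_DNS_LOG = """\
2024-05-01T10:00:01Z 10.0.0.12 www.google.com
2024-05-01T10:00:02Z 10.0.0.12 mail.example.org
2024-05-01T10:00:03Z 10.0.0.12 xk7qzp3vmw9tlr.com
2024-05-01T10:00:04Z 10.0.0.12 qwrtplmnbvcxz.net
2024-05-01T10:00:05Z 10.0.0.12 update.microsoft.com
"""

VOWELS = set("aeiou")


def shannon_entropy(s):
    """Bits of entropy per character; algorithmically generated labels tend to score high."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def longest_consonant_run(s):
    """Length of the longest run of letters that are not vowels (digits break a run)."""
    best = run = 0
    for ch in s:
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def registrable_label(name):
    """Return the label directly left of the TLD, e.g. 'google' for 'www.google.com'."""
    parts = name.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def score_label(label):
    """Score one label; thresholds are illustrative assumptions, not published values."""
    entropy = shannon_entropy(label)
    vowel_ratio = sum(ch in VOWELS for ch in label) / len(label)
    run = longest_consonant_run(label)
    suspicious = (
        vowel_ratio < 0.15                       # pronounceable words have vowels
        or run >= 5                              # long consonant runs are rare in real names
        or (entropy >= 3.5 and len(label) >= 10) # long and near-uniform character mix
    )
    return {"entropy": entropy, "vowel_ratio": vowel_ratio,
            "consonant_run": run, "suspicious": suspicious}


def find_dga_candidates(log_text):
    """Parse 'timestamp client name' lines and return the names whose label looks generated."""
    flagged = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, _client, name = line.split()
        if score_label(registrable_label(name))["suspicious"]:
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    for name in find_dga_candidates(SAMPLE_DNS_LOG):
        print("DGA candidate:", name, score_label(registrable_label(name)))
```

A scorer like this is a triage aid, not a verdict: it is meant to surface hosts that query many unusual names in a short period, which is the pattern worth correlating with the other indicators the article lists (a recently run MSI installer, new outbound mail volume).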

Auto-Spreading via Phishing
SolarSys uses a Node.js environment to send phishing emails from the infected user’s account, reaching out to contacts with malware-laden attachments. These phishing emails keep the malware spreading in a “self-propagating” cycle.
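The self-propagating cycle described above has a distinctive footprint on the sending side: one account suddenly sending the same attachment to many contacts within minutes. The following is an added example, not code from the original article: a detector run over constructed outbound mail log lines that flags any sender whose messages carry one attachment name to at least five distinct recipients inside a ten-minute window. The log format, the window, the recipient threshold and all addresses are assumptions made for the example.

```python
"""Flag mail bursts consistent with a self-propagating worm, over constructed log lines."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed outbound mail log: timestamp, sender, recipient, attachment ('none' if absent).
SAMPLE_MAIL_LOG = """\
2024-05-01T09:00:00Z alice@example.org bob@example.org none
2024-05-01T11:14:02Z carol@example.org dave@example.org invoice.zip
2024-05-01T11:14:03Z carol@example.org erin@example.org invoice.zip
2024-05-01T11:14:03Z carol@example.org frank@example.org invoice.zip
2024-05-01T11:14:04Z carol@example.org grace@example.org invoice.zip
2024-05-01T11:14:05Z carol@example.org heidi@example.org invoice.zip
2024-05-01T11:14:06Z carol@example.org ivan@example.org invoice.zip
2024-05-01T15:30:00Z alice@example.org carol@example.org report.pdf
"""


def parse_mail_log(text):
    """Return a list of (timestamp, sender, recipient, attachment) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, sender, recipient, attachment = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                       sender, recipient, attachment))
    return events


def find_mail_bursts(events, window=timedelta(minutes=10), min_recipients=5):
    """For each sender, look for one attachment name reaching many distinct recipients quickly.

    Window and threshold are assumed values; tune them to the organisation's normal volume.
    """
    by_sender = defaultdict(list)
    for event in events:
        if event[3] != "none":          # only attachment-bearing messages matter here
            by_sender[event[1]].append(event)

    alerts = {}
    for sender, sent in by_sender.items():
        sent.sort()                     # chronological order; tuples sort by timestamp first
        for start, _, _, attachment in sent:
            recipients = {
                rcpt for ts, _, rcpt, att in sent
                if att == attachment and start <= ts <= start + window
            }
            if len(recipients) >= min_recipients:
                alerts[sender] = {
                    "attachment": attachment,
                    "recipients": len(recipients),
                    "first_seen": start.isoformat(),
                }
                break                   # one alert per sender is enough for triage
    return alerts


if __name__ == "__main__":
    for sender, info in find_mail_bursts(parse_mail_log(SAMPLE_MAIL_LOG)).items():
        print(f"possible worm activity from {sender}: {info}")
```

An alert from this check is a prompt to contain the sending account (revoke sessions, reset credentials, quarantine the attachment) before the recipients open it; the same logic maps directly onto the article's later advice to watch for unexpected messages sent to your contacts.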
Targeting Personal Data and Banking Info
The Trojan’s spy components can capture:
- Google Chrome credentials, browsing history, and more.
- Banking details by overlaying a fake login screen on major bank sites.
How To Protect Yourself
- Be cautious with installers: stick to official sources for software downloads.
- Activate multi-layered security to detect unusual network activity.
- Monitor email activity for unexpected messages sent to your contacts.
- Use two-factor authentication (2FA) to add another layer of security for bank accounts.
Stay vigilant, and avoid downloads from unknown sources!