Solarmarker Infostealer lures have officially gone too far!
As I continue to hunt for various lures and redirects for the Jupyter Infostealer, outlined in my previous article, I am amazed at the vast array of searches that lead to the malware! I took a game I enjoy and searched for that, using known "initial" pages where the redirects have been seen.

Oh... they got Dragon Quest too! This makes me sad...

As it is, I've found several other links just like this, and so far all of the ones I've found in the last couple of days end up landing on the same file hash (different name, of course) as the one in my previous article.

Hash: da2eb36e763ecf1a47532e9f8efeacb7

Again, many redirects are involved, mostly .tk TLDs. I suspect these large droppers are being rotated out on some schedule, monthly perhaps, so maybe I won't run into a new sample dropper and .DLL for a bit. If anyone finds anything different, please let me know!
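The two checks the paragraph above leans on, recognising the same dropper under a new filename and spotting the .tk hops in a redirect chain, as an added example that is not part of the original post. The only real indicator in it is the MD5 from this page; the sample file contents, filenames and redirect URLs are constructed for illustration and are not real Solarmarker artefacts.

```python
import hashlib
from collections import defaultdict
from urllib.parse import urlsplit

# MD5 of the dropper named in the post (the only real indicator in this block).
KNOWN_DROPPER_MD5 = "da2eb36e763ecf1a47532e9f8efeacb7"

# Constructed stand-ins for downloaded samples: filename -> file bytes.
# Two of them are byte-identical, i.e. the same dropper under a different name.
SAMPLES = {
    "Dragon_Quest_Guide.pdf.exe": b"dropper-v1",
    "Free_Manual_2021.exe": b"dropper-v1",
    "Installer_Setup.exe": b"dropper-v2",
}

# Constructed redirect chain, in the order a hunter would record the hops.
REDIRECT_CHAIN = [
    "https://blog.example.com/post/1234",
    "http://download-docs.tk/go?id=1",
    "http://files-mirror.tk/land",
    "https://cdn.example.net/final.exe",
]


def md5_hex(data: bytes) -> str:
    """Hex MD5 of a byte string (MD5 is used only as a lookup key, not for integrity)."""
    return hashlib.md5(data).hexdigest()


def group_by_hash(samples: dict) -> dict:
    """Map each MD5 to the list of filenames that hash to it."""
    groups = defaultdict(list)
    for name, data in samples.items():
        groups[md5_hex(data)].append(name)
    return dict(groups)


def renamed_duplicates(samples: dict) -> dict:
    """Hashes seen under more than one filename: renamed copies of one dropper."""
    return {h: sorted(names) for h, names in group_by_hash(samples).items()
            if len(names) > 1}


def is_known_dropper(data: bytes, known: str = KNOWN_DROPPER_MD5) -> bool:
    """True if the bytes match the dropper hash reported in the post."""
    return md5_hex(data) == known.lower()


def _tld(url: str) -> str:
    host = urlsplit(url).hostname or ""
    return host.rsplit(".", 1)[-1] if "." in host else host


def tld_counts(chain: list) -> dict:
    """Count the top-level domain of every hop in a redirect chain."""
    counts = defaultdict(int)
    for url in chain:
        counts[_tld(url)] += 1
    return dict(counts)


def suspicious_hops(chain: list, tlds: tuple = ("tk",)) -> list:
    """Hops whose TLD is in the watch list (default: the .tk domains the post reports)."""
    return [url for url in chain if _tld(url) in tlds]


if __name__ == "__main__":
    for h, names in renamed_duplicates(SAMPLES).items():
        print(f"{h}  seen as: {', '.join(names)}")
    print("TLDs in chain:", tld_counts(REDIRECT_CHAIN))
    print(".tk hops:", suspicious_hops(REDIRECT_CHAIN))
```

On real samples you would feed `is_known_dropper` the bytes of each download; a hit means the lure landed on the dropper already written up, regardless of what the site called the file.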