Microsoft tracking a series of attacks that use SEO poisoning to infect targets with a remote access trojan (RAT) SolarMaker RAT. SolarMarker is designed to provide its masters with a backdoor to compromised systems and steal credentials from web browsers. The data it manages to harvest from infected systems is exfiltrated to the command-and-control server. SolarMaker developers are believed to be Russian-speaking threat actors based on Russian to English translation misspelling, according to Morphisec.
Source: https://www.bleepingcomputer.com/news/security/microsoft-seo-poisoning-used-to-backdoor-targets-with-malware/