“Solarmarker” is a “highly modular”.NET-based information stealer and keylogger. Healthcare and education sectors are the frequent targets of a new surge in credential harvesting activity from the malware. Talos’ static and dynamic analysis of the malware points to a Russian-speaking adversary, although the threat intelligence group suspects the malware creators could have intentionally designed them in such a manner in an attempt to mislead attribution. The renewed activity has also been accompanied by a shift in tactics and multiple iterations to the infection chain, including the use of SEO poisoning.
Source: https://thehackernews.com/2021/08/solarmarker-infostealer-malware-once.html