Northeast IS would like to warn you of a highly effective phishing campaign currently wreaking havoc on unaware victims around the globe.

SolarMarker, malware that steals sensitive data and users’ credentials, has become widespread as cybercriminals continue to develop new tactics to trick you into launching the damaging malware. SolarMarker is easily disguised as documents relevant to your industry and contains popular work-related keywords like template, invoice, receipt, resume, or questionnaire.

SolarMarker will re-rank search engine results for common search terms which then send the unsuspecting user to a malicious webpage where the user is asked to download a document. Upon downloading the selected decoy document, the malware instantly begins infecting your device.

Due to the increase of successful phishing attempts by cyberthreat actors, Northeast IS would like to remind you of the importance of continuous cybersecurity vigilance. Malicious actors never give up and often exploit human behaviors to socially engineer the desired behavior from the user.

Malware is constantly evolving; therefore, cybersecurity best practices and user awareness continue to be our best defense. To protect yourself, please follow these cyber hygiene tips when searching for and downloading documents:

  • Does the website match the content you are looking for?
  • Are you redirected, or unexpectedly sent, to a third party site to download files?
  • Is the website a trusted source for documents?
  • Scrutinize any document download from an unknown source. If it doesn’t seem legitimate, it probably isn’t.



Microsoft has a default setting in Windows that hides file extensions (e.g., .txt or .pdf.) To enable file extensions open file explorer, click the view tab, and select ‘file name extensions.’ This will help to distinguish whether a file type is malicious or not. Learn the difference between expected and unexpected file extensions (e.g., .msi or .exe.)



Be suspicious of any unexpected system changes or new software installed on your workstation. If you think you may have fallen victim to a malware infection, please contact your IT department or vendor.


Thank you for your continued dedication to cybersecurity awareness and remaining alert in all of your online interactions. For more cybersecurity resources and best practices visit or contact us at 518-867-4110 or

Chat with a representative