Financially Motivated1 malware family

SOLAR SPIDER

Also known asSOLAR SPIDER

Solar Spider is a financially motivated threat actor tracked under the alias Solar Spider. Available reporting in the provided content states that the group has conducted phishing campaigns delivering the JSOutProx RAT against financial institutions across Africa, the Middle East, South Asia, and Southeast Asia. CrowdStrike reporting cited in the content also says Solar Spider began shifting attention to Latin America in 2024. Additional reporting in the content states that Indian authorities arrested two Nigerian nationals believed to be members of Solar Spider and accused them of stealing more than $750,000 from a bank in Gujarat. Based on the provided content, the group is associated with phishing-led intrusions, remote access malware delivery, and financial-sector targeting across multiple regions.

Are they targeting you?

Know when an actor pivots toward your sector

Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.

Start free trial

OPERATIONAL PROFILE

Targeting

Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.

Who they target

Sectors the actor has been observed targeting.

finance

MITRE ATT&CK

Tradecraft

1 distinct technique observed across reporting, grouped by tactic. Hover any cell for the evidence excerpt; click through for MITRE's full description.

1 of 15 tactics1 techniques×N= number of intelligence reports citing this technique

MITRE ATT&CK

TA0001

Initial Access

1 technique

T1190

Exploit Public-Facing Application

ARSENAL

Associated malware families

1 malware family attributed to this actor across reporting.

FamilyContextEvidenceLast seen

JsOutProx"SOLAR SPIDER’s phishing campaigns deliver the JSOutProx RAT to financial institutions across Africa, the Middle East, South Asia and Southeast Asia."1Mar 18, 2026

ACTIVITY FEED

Recent activity

3 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

3 SOURCESView more in app

risky biz rssNews

Mar 13, 2026

Another residential proxy provider falls as authorities continue crackdowns

Criminal group whose alleged members were arrested in India for planning to exploit vulnerabilities in cooperative banks and transfer stolen funds to mule accounts; they had already stolen funds from a bank in Gujarat.

dark readingNews

May 21, 2025

Pandas Galore: Chinese Hackers Boost Attacks in Latin America

Financially motivated threat group that began shifting attention to Latin America in 2024 (Russia mentioned for Renaissance Spider; Solar Spider geography not explicitly stated).

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: sector and geo overlap with your footprint, the IOCs they’re burning right now, detection coverage, and what to do next.

Start free trial

Target overlap

Match sector + geo + tech-stack targeting against your real footprint.

Tradecraft mapping1

Every observed MITRE ATT&CK technique, grouped by tactic.

Malware arsenal1

Families this actor is known to deploy, with IOCs and behavior.

Exploited CVEs

CVEs this actor has used in known campaigns.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Observables

Domains, IPs, and hashes tied to this actor, refreshed continuously.