Beware Of Malicious Search Results Leading To SolarMarker Malware Installation

17-June-24

SOC analysts discovered a drive-by download attack using SolarMarker malware targeting Bing users searching for team-building activities. Victims were tricked into downloading a malicious file from a fake Indeed job search site. Upon execution, SolarMarker deployed StellarInjector and SolarPhantom, compromised Firefox data, and connected to C2 servers. The malware now embeds its backdoor in an AES-encrypted file’s resource section and uses RSA encryption for staging stolen data. Investigations confirmed the attack method and highlighted the need for vigilance and security updates.
