Morphisec Threat Lab researchers have identified a new ValleyRAT malware variant linked to the Silver Fox APT group, which is now being spread through phishing emails, compromised websites, and fake software downloads, Hackread reports. The campaign primarily targets finance, accounting, and sales professionals, with the aim of stealing sensitive data. Unlike earlier versions, which relied on PowerShell scripts, the latest variant is distributed via a fake Chinese telecom website called "Karlos" and a fraudulent Chrome browser download from anizomcom/. Once installed, the malware downloads a .NET executable that escalates privileges and deploys additional components, including DLL files for stealthy execution. It uses DLL side-loading, pairing a modified executable for Douyin, the Chinese version of TikTok, with legitimate Tier0.dll files taken from popular games such as Left 4 Dead 2. The payload is then executed through nslookup.exe, a legitimate Windows binary, which helps it evade traditional detection. Researchers warn that its evasion techniques, including anti-VMware checks and security bypass tactics, highlight the need for stronger defenses such as endpoint protection and real-time monitoring.
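The two behaviours described above, a game DLL (Tier0.dll) side-loaded from a location where no game is installed and nslookup.exe spawned by something other than an interactive shell, are both visible in ordinary endpoint telemetry. The following is an added hunting example written for this article; it is not code from Morphisec, Hackread, or the reporting they summarize. It runs two heuristics over constructed process-create and image-load records shaped like Sysmon Event ID 1 and 7. Every path, parent process, allow-list entry, and the `Event` field layout are assumptions for illustration, not indicators from the campaign.

```python
"""Hunting heuristics for the Tier0.dll side-loading and nslookup.exe
execution described in the article.

Added example (not code from the original reporting). The events below are
constructed to resemble Sysmon Event ID 1 (ProcessCreate) and Event ID 7
(ImageLoad) records; paths and parent processes are illustrative
assumptions, not artifacts recovered from the campaign.
"""
from dataclasses import dataclass

# Assumption: Tier0.dll is a Valve Source-engine DLL, so its legitimate home
# is inside a Steam game install. Tune this allow-list to your environment.
TIER0_EXPECTED_DIRS = ("\\steamapps\\common\\",)

# Assumption: parents that routinely launch nslookup.exe during interactive
# or admin use. Anything else (including an unknown/empty parent) is flagged.
NSLOOKUP_BENIGN_PARENTS = {"cmd.exe", "powershell.exe", "pwsh.exe", "explorer.exe"}


@dataclass
class Event:
    event_id: int            # 1 = ProcessCreate, 7 = ImageLoad (Sysmon numbering)
    image: str               # full path of the process image
    parent_image: str = ""   # ProcessCreate only
    loaded: str = ""         # ImageLoad only: path of the DLL that was mapped


def basename(path: str) -> str:
    """Last path component, lower-cased, tolerant of either slash style."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_tier0_sideload(ev: Event) -> bool:
    """ImageLoad: Tier0.dll mapped from outside any Steam game directory.

    A legitimate game loads tier0.dll from its own install folder; a copy
    dropped next to a renamed or modified host EXE elsewhere is the
    side-loading pattern the article describes.
    """
    if ev.event_id != 7 or basename(ev.loaded) != "tier0.dll":
        return False
    dll_path = ev.loaded.lower().replace("/", "\\")
    return not any(d in dll_path for d in TIER0_EXPECTED_DIRS)


def is_suspicious_nslookup(ev: Event) -> bool:
    """ProcessCreate: nslookup.exe started by a non-interactive parent."""
    if ev.event_id != 1 or basename(ev.image) != "nslookup.exe":
        return False
    return basename(ev.parent_image) not in NSLOOKUP_BENIGN_PARENTS


def hunt(events):
    """Return (rule, parent_or_loader, child_or_dll) tuples for each hit."""
    findings = []
    for ev in events:
        if is_tier0_sideload(ev):
            findings.append(("tier0_sideload", ev.image, ev.loaded))
        if is_suspicious_nslookup(ev):
            findings.append(("nslookup_odd_parent", ev.parent_image, ev.image))
    return findings


# Constructed sample telemetry: two benign events followed by the pattern
# the article describes (modified Douyin host EXE + Tier0.dll in a user-
# writable folder, then that host spawning nslookup.exe). Paths are made up.
SAMPLE_EVENTS = [
    Event(1, r"C:\Windows\System32\nslookup.exe",
          parent_image=r"C:\Windows\System32\cmd.exe"),
    Event(7, r"C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe",
          loaded=r"C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\bin\tier0.dll"),
    Event(7, r"C:\Users\Public\Update\Douyin.exe",
          loaded=r"C:\Users\Public\Update\tier0.dll"),
    Event(1, r"C:\Windows\System32\nslookup.exe",
          parent_image=r"C:\Users\Public\Update\Douyin.exe"),
]

if __name__ == "__main__":
    for rule, left, right in hunt(SAMPLE_EVENTS):
        print(f"{rule}: {left} -> {right}")
```

The first two constructed events (nslookup from cmd.exe, Tier0.dll loaded by the real game from its Steam folder) produce nothing; the last two produce one hit each. Both rules are cheap enough to run continuously against EDR or Sysmon feeds, and the side-loading rule generalizes to any well-known game or application DLL by extending the basename check and the expected-directory list.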