Summary: Cybersecurity researchers have identified a series of cyber attacks targeting Chinese-speaking regions using a malware known as ValleyRAT. These attacks utilize a multi-stage loader called PNGPlug to deliver the malware through a phishing scheme disguised as legitimate software. The campaign highlights the attackers’ sophisticated methods, including the use of benign applications to conceal malicious activities.
Threat Actor: Silver Fox
Victim: Chinese-speaking regions
Key points:
- The attack chain begins with a phishing page prompting victims to download a malicious MSI package.
- The MSI package uses Windows Installer’s CustomAction feature to execute malicious code while appearing benign.
- ValleyRAT is a remote access trojan that gives the attackers unauthorized access to the infected host, with features for capturing screenshots and clearing event logs.
Source: https://thehackernews.com/2025/01/pngplug-loader-delivers-valleyrat.html