PNGPlug Loader Delivers ValleyRAT Malware Through Fake Software Installers
Summary: Cybersecurity researchers have identified a series of attacks targeting Chinese-speaking regions with the ValleyRAT remote access trojan. The attacks use a multi-stage loader called PNGPlug to deliver the malware through a phishing scheme disguised as legitimate software installers. The campaign stands out for its tradecraft, in particular the use of benign applications to mask the malicious activity.

Threat Actor: Silver Fox
Victim: Chinese-speaking regions

Key points:

  • The attack chain begins with a phishing page prompting victims to download a malicious MSI package.
  • The MSI package uses Windows Installer’s CustomAction feature to execute malicious code while appearing benign.
  • ValleyRAT is a remote access trojan that gives the operator unauthorized remote control of the infected host, with features including screenshot capture and clearing of Windows event logs.
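
The CustomAction abuse in the second key point can be triaged without ever running the installer: Windows Installer exposes the package database through the WindowsInstaller.Installer COM object, and the CustomAction table's Type column is a bitmask that says whether a row runs code (DLL, EXE, script, nested MSI), where that code comes from (embedded in the Binary table, an installed file, a Directory path, a Property value) and whether it runs deferred as SYSTEM. The script below is an added example, not code from the article or from the researchers it cites; the script name Inspect-MsiCustomActions.ps1 and the verdict labels are the editor's own. Run it in an isolated analysis VM against a suspect MSI; opening the database read-only (mode 0) executes no custom action.

```powershell
# Inspect-MsiCustomActions.ps1  (added example; hypothetical file name)
# Usage: .\Inspect-MsiCustomActions.ps1 -Path .\suspect.msi
# Lists every CustomAction row, decodes its Type bitmask and reports whether
# the action is actually scheduled in a sequence table (an unscheduled row
# never runs). Reads the package read-only; nothing in the MSI is executed.
param(
    [Parameter(Mandatory = $true)]
    [string]$Path
)

# CustomAction.Type layout (Windows Installer documentation):
#   bits 0-2  basic type: 1 DLL, 2 EXE, 3 text/set-property, 5 JScript, 6 VBScript, 7 nested install
#   bits 4-5  source: 0x00 Binary table (embedded blob), 0x10 installed file, 0x20 Directory, 0x30 Property
#   0x40 ignore exit code, 0x80 asynchronous
#   0x400 deferred (runs from the install script, normally as SYSTEM), 0x800 NoImpersonate
$BasicType  = @{ 1 = 'DLL'; 2 = 'EXE'; 3 = 'Text/SetProperty'; 5 = 'JScript'; 6 = 'VBScript'; 7 = 'NestedMSI' }
$SourceKind = @{ 0x00 = 'Binary table (embedded)'; 0x10 = 'Installed file'; 0x20 = 'Directory'; 0x30 = 'Property' }
$RunsCode   = 1, 2, 5, 6, 7    # basic types that execute attacker-supplied content

function Invoke-MsiMethod($obj, $name, $arguments) {
    # The Installer COM object is late-bound; PowerShell needs InvokeMember to reach its methods.
    return $obj.GetType().InvokeMember($name, 'InvokeMethod', $null, $obj, $arguments)
}
function Get-MsiProperty($obj, $name, $arguments) {
    return $obj.GetType().InvokeMember($name, 'GetProperty', $null, $obj, $arguments)
}

function Get-MsiRows($db, $sql) {
    # Runs an MSI SQL query and returns each row as an array of strings.
    $view = Invoke-MsiMethod $db 'OpenView' @($sql)
    Invoke-MsiMethod $view 'Execute' $null | Out-Null
    $rows = @()
    while ($true) {
        $rec = Invoke-MsiMethod $view 'Fetch' $null
        if (-not $rec) { break }
        $n = Get-MsiProperty $rec 'FieldCount' $null
        $rows += ,@(1..$n | ForEach-Object { Get-MsiProperty $rec 'StringData' @($_) })
    }
    Invoke-MsiMethod $view 'Close' $null | Out-Null
    return $rows
}

function Get-MsiCustomActions([string]$MsiPath) {
    $installer = New-Object -ComObject WindowsInstaller.Installer
    $db = Invoke-MsiMethod $installer 'OpenDatabase' @((Resolve-Path $MsiPath).Path, 0)  # 0 = read-only

    # Collect where each action is scheduled; a row in CustomAction alone does nothing.
    $scheduled = @{}
    foreach ($t in 'InstallExecuteSequence', 'InstallUISequence', 'AdminExecuteSequence') {
        try {
            foreach ($r in Get-MsiRows $db "SELECT ``Action``, ``Sequence``, ``Condition`` FROM ``$t``") {
                $scheduled[$r[0]] = "$t seq=$($r[1]) cond=[$($r[2])]"
            }
        } catch { }   # sequence table absent from this package
    }

    try {
        $rows = Get-MsiRows $db 'SELECT `Action`, `Type`, `Source`, `Target` FROM `CustomAction`'
    } catch {
        Write-Warning 'No CustomAction table: only standard actions can run from this package.'
        return
    }

    foreach ($r in $rows) {
        $action, $typeStr, $source, $target = $r
        $type  = [int]$typeStr
        $basic = $type -band 0x7
        $where = $type -band 0x30
        $flags = @()
        if ($type -band 0x400) { $flags += 'deferred' }
        if ($type -band 0x800) { $flags += 'NoImpersonate (SYSTEM)' }
        if ($type -band 0x40)  { $flags += 'ignore-exit-code' }
        if ($type -band 0x80)  { $flags += 'async' }
        $verdict = if ($RunsCode -contains $basic) { 'RUNS CODE' } else { 'data only' }
        if (-not $scheduled.ContainsKey($action)) { $verdict += ' (not scheduled)' }
        [pscustomobject]@{
            Action   = $action
            Type     = $type
            Kind     = $BasicType[$basic]
            Source   = "$($SourceKind[$where]): $source"
            Target   = $target
            Flags    = ($flags -join ', ')
            Verdict  = $verdict
            Schedule = $scheduled[$action]
        }
    }
}

Get-MsiCustomActions -MsiPath $Path | Format-Table -AutoSize -Wrap
```

Rows reported as RUNS CODE with an EXE or DLL kind sourced from the Binary table or a Directory path are the ones to pull apart first; an embedded blob can be extracted from the Binary table with a tool such as msidump from msitools, and the Target column shows the command line or entry point the installer will invoke. A deferred action with NoImpersonate set runs with the installer service's SYSTEM token, which is why a malicious package can look like an ordinary setup wizard while its payload runs at full privilege.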

Source: https://thehackernews.com/2025/01/pngplug-loader-delivers-valleyrat.html