China-Linked ValleyRAT Malware Resurfaces with Advanced Data Theft Tactics
Jun 11, 2024
Malware / Cyber Attack
Cybersecurity researchers have uncovered an updated version of malware called ValleyRAT that's being distributed as part of a new campaign. "In the latest version, ValleyRAT introduced new commands, such as capturing screenshots, process filtering, forced shutdown, and clearing Windows event logs," Zscaler ThreatLabz researchers Muhammed Irfan V A and Manisha Ramcharan Prajapati said . ValleyRAT was previously documented by QiAnXin and Proofpoint in 2023 in connection with a phishing campaign targeting Chinese-speaking users and Japanese organizations that distributed various malware families such as Purple Fox and a variant of the Gh0st RAT trojan known as Sainbox RAT (aka FatalRAT). The malware has been assessed to be the work of a China-based threat actor, boasting of capabilities to harvest sensitive information and drop additional payloads onto compromised hosts. The starting point is a downloader that utilizes an HTTP File Server (HFS) to fetch a file named...
