Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking
Briefly

Bogus websites masquerading as Google Chrome have been used to distribute the ValleyRAT malware, attributed to a threat actor dubbed Silver Fox, who primarily targets Chinese-speaking regions. This malware targets high-value organizational roles in finance, accounting, and sales that have access to sensitive information. The initial attacks deliver ValleyRAT alongside other malware types, leveraging counterfeit software installers. The recent distribution method involves a fake Chrome website that misleads victims into downloading a ZIP file that installs the trojan and additional malicious components, showcasing a sophisticated approach to malware deployment.
"This actor has increasingly targeted key roles within organizations - particularly in finance, accounting, and sales department - highlighting a strategic focus on high-value positions with access to sensitive data and systems."
"As recently as last month, counterfeit installers for legitimate software have served as a distribution mechanism for the trojan by means of a DLL loader named PNGPlug."
Read at The Hacker News