More than 30 email phishing campaigns have been launched to deploy various malware strains against Chinese users since early this year, The Hacker News reports.
Gh0st RAT trojan variant Sainbox was distributed in most of the phishing campaigns, which have been facilitated through varied infrastructure and payloads suggesting the involvement of different threat operations, according to a report from Proofpoint. Meanwhile, other campaigns spread the Purple Fox malware and novel ValleyRAT trojan.
The findings noted that ValleyRAT, which was first discovered in February and was initially used in campaigns in March, not only enables additional payload retrieval and execution but also allows running process enumeration.
"The increase in Chinese language malware activity indicates an expansion of the Chinese malware ecosystem, either through increased availability or ease of access to payloads and target lists, as well as potentially increased activity by Chinese-speaking cybercrime operators," said Proofpoint.
