Network Security, Threat Intelligence, Malware

More sophisticated ValleyRAT malware variant emerges

Warning icon on a digital LCD display with reflection.

Chinese-linked ValleyRAT trojan has been updated to include screenshot capturing, process filtering, Windows event log deletion, and forced shutdown capabilities as part of a new malware attack campaign, The Hacker News reports.

Intrusions part of the campaign involved the deployment of a downloader that facilitates the retrieval of a DLL-extracting file, with the DLL disrupting WinRAR and Qihoo 360 anti-malware software before fetching other files that eventually result in the execution of ValleyRAT, according to a Zscaler ThreatLabz report.

"ValleyRAT utilizes a convoluted multi-stage process to infect a system with the final payload that performs the majority of the malicious operations. This staged approach combined with DLL side-loading are likely designed to better evade host-based security solutions such as EDRs and anti-virus applications," said researchers.

Such findings follow a Fortinet FortiGuard Labs report detailing the utilization of an updated Agent Tesla malware variant with more extensive data theft features in an attack campaign exploiting old Microsoft Excel Add-In flaws.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.