A Deep Dive into a New ValleyRAT Campaign Targeting Chinese Speakers


FortiGuard Labs recently encountered an ongoing ValleyRAT campaign specifically targeting Chinese speakers. This malware has historically targeted e-commerce, finance, sales, and management enterprises.

ValleyRAT is a multi-stage malware that utilizes diverse techniques to monitor and control its victims and deploy arbitrary plugins to cause further damage. Another noteworthy characteristic of this malware is its heavy usage of shellcode to execute its many components directly in memory, significantly reducing its file footprint in the victim’s system. This blog provides a technical analysis of this campaign.

Read more…
Source: Fortinet


Sign up for our Newsletter


Related:

  • The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation

    February 12, 2025

    Microsoft is publishing for the first time their research into a subgroup within the Russian state actor Seashell Blizzard and its multiyear initial access operation, tracked by Microsoft Threat Intelligence as the “BadPilot campaign”. This subgroup has conducted globally diverse compromises of Internet-facing infrastructure to enable Seashell Blizzard to persist on high-value targets and support tailored ...

  • Huge cyber attack under way – 2.8 million IPs being used to target VPN devices

    February 10, 2025

    A wide range of Virtual Private Network (VPN) and other networking devices are currently under attack by threat actors trying to break in to wider networks, experts have warned. Threat monitoring platform The Shadowserver Foundation warned about the ongoing attack on X, noting someone is currently using roughly 2.8 million different IP addresses to try and ...

  • Apple fixes iPhone and iPad bug used in an ‘extremely sophisticated attack’

    February 10, 2025

    On Monday, Apple released updates for its mobile operating systems for iOS and iPadOS, which fixed a flaw that the company said “may have been exploited in an extremely sophisticated attack against specific targeted individuals.” In the release notes for iOS 18.3.1 and iPadOS 18.3.1, the company said the vulnerability allowed the disabling of USB Restricted ...

  • Scammers target Italian tycoons using defense minister’s AI-generated voice

    February 10, 2025

    Scammers target Italian tycoons using defense minister’s AI-generated voice on OpenAI Voice Engine Scammers used AI-generated voice of Italian Defense Minister Guido Crosetto in an atempts to steal millions of dollars from Italian business tycoons, according to reports. Crosetto said last Thursday on X that someone was using his name and his artificially generated voice to ...

  • Thai-Swiss-US Operation Nets Hackers Behind 1,000+ Cyber Attacks

    February 10, 2025

    Thai police arrested four European hackers in Phuket who allegedly stole $16 million through ransomware attacks affecting over 1,000 victims worldwide. The suspects, wanted by Swiss and US authorities, were caught in coordinated raids across four locations. Officers from Cyber Crime Investigation Bureau, led by Police Lieutenant General Trairong Phiwphan, conducted “Operation PHOBOS AETOR” in Phuket ...

  • 20 million OpenAI accounts offered for sale

    February 7, 2025

    A cybercriminal acting under the moniker “emirking” offered 20 million OpenAI user login credentials this week, sharing what appeared to be samples of the stolen data itself. A translation of the Russian statement by the poster says: “When I realized that OpenAI might have to verify accounts in bulk, I understood that my password wouldn’t stay ...