Windows users hit by all-new advanced malware campaign


Criminals have been spotted targeting Chinese enterprises with an advanced Remote Access Trojan (RAT), capable of taking over infected Windows endpoints.

Researchers at FortiGuard call the threat ValleyRAT, and claim its operators are on the hunt for ecommerce, finance, sales, and management enterprises. Initial access is most likely done through phishing, where crooks share loaders disguised as Microsoft Office files.

The loaders alter registry entries to establish persistence and to set up communication with the C2 infrastructure; once that is in place, the operators can deploy additional malware and make changes to the target endpoint. "This malware involves several components loaded in different stages and mainly uses shellcode to execute them directly in memory, significantly reducing its file trace in the system," FortiGuard said.
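A defender-side check implied by the paragraph above, added here as an example and not taken from FortiGuard's report: it audits autorun (Run key) values for loaders masquerading as Office documents (a double extension such as `.docx.exe`) or started from user-writable paths. The Run key locations, the extension lists and the sample entries are assumptions and constructed data, since the article does not name the registry keys the loaders alter.

```python
import re
from pathlib import PureWindowsPath

# Office-document extensions a disguised loader imitates, and the
# executable/script extensions it actually runs as (assumed lists).
OFFICE_EXT = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx"}
EXEC_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".hta", ".dll"}
# User-writable locations a dropped loader typically persists from (assumption).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")

# Constructed sample autorun values as (key, value name, command); the Run
# keys are assumed, the article does not say which registry entries are altered.
SAMPLE_ENTRIES = [
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "OneDrive",
     r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "Invoice",
     r'"C:\Users\alice\AppData\Roaming\Q3_invoice.docx.exe"'),
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "SecurityHealth",
     r'C:\Windows\System32\SecurityHealthSystray.exe'),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "Updater",
     r'rundll32.exe C:\Users\Public\report.xlsx.dll,Start'),
]

def launched_file(command):
    """Return the file a Run command really starts: the quoted path if present,
    else the first token; for rundll32 the DLL argument is the real target."""
    parts = [q or p for q, p in re.findall(r'"([^"]+)"|(\S+)', command)]
    if parts and PureWindowsPath(parts[0]).name.lower() == "rundll32.exe" and len(parts) > 1:
        return parts[1].split(",")[0]
    return parts[0] if parts else ""

def assess(key, name, command):
    """Score one autorun value: 'high' for an Office-lookalike executable,
    'low' for a target in a user-writable path, otherwise 'none'."""
    target = PureWindowsPath(launched_file(command))
    suffixes = [s.lower() for s in target.suffixes]
    if len(suffixes) >= 2 and suffixes[-2] in OFFICE_EXT and suffixes[-1] in EXEC_EXT:
        return "high", f"{key}\\{name}: Office-lookalike executable {target.name}"
    if any(d in str(target).lower() for d in USER_WRITABLE):
        return "low", f"{key}\\{name}: runs from user-writable path {target}"
    return "none", ""

def audit(entries=SAMPLE_ENTRIES):
    """Return (severity, message) for every entry scoring above 'none'."""
    return [(sev, msg) for sev, msg in (assess(*e) for e in entries) if sev != "none"]

if __name__ == "__main__":
    for sev, msg in audit():
        print(f"[{sev}] {msg}")
```

Legitimate software such as OneDrive also persists from AppData, so the "low" findings are triage leads rather than verdicts; the double-extension match is the stronger signal.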

Silver Fox attacking

"Once the malware gains a foothold in the system, it supports commands capable of monitoring the victim's activities and delivering arbitrary plugins to further the threat actors' intentions," the researchers noted.

In other words, crooks can deploy different tools, depending on what they want from the victim.

Allegedly, the group behind the campaign is called “Silver Fox”, and is a threat actor previously observed targeting Chinese organizations.

In spring 2023, Chinese tech giant Weibu Online reported tracking this group, which used SEO poisoning to make its phishing sites rank high on Chinese search engines. With the help of these sites, Silver Fox gained access to Chinese companies in the finance, securities, and education industries.

While the location and affiliation of Silver Fox remain a mystery, some researchers believe the group, too, is of Chinese origin.

The best way to defend against Silver Fox and similar threats is to always keep antivirus and endpoint protection systems up to date, and to educate employees on the dangers of phishing and social engineering.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
