Search Tools Links Login

ValleyRAT Malware Targets Global Organizations

A recently discovered malware named ValleyRAT is being disseminated to prominent organizations globally, according to cybersecurity specialists. Proofpoint researchers unveiled that not only mainland Chinese businesses but also firms from other regions are getting targeted by several emerging malware strains, likely the handiwork of multiple new threat entities.

ValleyRAT is among the notable new tools. Campaigns dispersing this malware predominantly use Chinese invoice-themed methods related to different Chinese companies. Researchers observed numerous initiatives spreading ValleyRAT, which was initially detected in March 2023. Besides ValleyRAT, they also identified variants like Sainbox, related to the notorious Gh0stRAT, and Purple Fox, which predominantly targets Japanese entities.

In relation to Purple Fox, Proofpoint commented, “Despite its historically Chinese themes, it's seldom seen in our threat analyses. Remarkably, a campaign used Japanese invoice themes to aim at Japanese firms, delivering zipped files leading to installation. Other campaigns utilized Chinese-themed messages with URLs.”

Proofpoint has so far pinpointed over 24 such campaigns where the culprits would mimic major companies, contacting their staff through email to prompt them to install the aforementioned RATs. While the identity of the culprits remains uncertain, researchers hypothesize that several groups might be collaborating, as certain activity patterns coincide.

The actual intent behind these cyberattacks remains unclear.

About this post

Posted: 2023-09-21
By: dwirch
Viewed: 353 times





No attachments for this post

Loading Comments ...


No comments have been added for this post.

You must be logged in to make a comment.