August 16, 2024 at 08:21AM
Chinese-speaking users are being targeted by an ongoing campaign distributing ValleyRAT, a multi-stage malware that gives its operators remote control of compromised workstations and lets them carry out a range of harmful actions. The attackers rely heavily on shellcode and can deploy arbitrary plugins. The malware's initial distribution method is still unknown. The campaign surfaces alongside ongoing attempts to exploit an old Microsoft Office vulnerability with a variety of malicious payloads.
This report describes an attack on Chinese-speaking users that uses the multi-stage malware ValleyRAT. The malware is designed to control and monitor victims' devices and can load arbitrary plugins to cause further harm. Its components are executed directly in memory via shellcode, which reduces the footprint left on the victim's system. Separately, attackers are still exploiting the old Microsoft Office vulnerability CVE-2017-0199 to execute malicious code and deliver other threats, including GuLoader, Remcos RAT, and Sankeloader. Together, these findings underscore the importance of cybersecurity awareness and protection.