China-Linked ValleyRAT Malware Resurfaces with Advanced Data Theft Tactics

June 11, 2024 at 05:03AM

Cybersecurity experts have discovered an updated version of malware called ValleyRAT with new capabilities, believed to originate from a China-based threat actor. The malware utilizes a multi-stage process and DLL side-loading to evade security solutions. Additionally, there’s a new phishing campaign targeting Spanish-speaking individuals with an updated keylogger and information stealer, Agent Tesla.

Key takeaways from the report:

1. Cybersecurity researchers have uncovered a new campaign involving an updated version of the ValleyRAT malware. The updated malware introduces new commands, is attributed to a China-based threat actor, and is capable of harvesting sensitive information and dropping additional payloads onto compromised hosts.

2. The malware utilizes a staged approach combined with DLL side-loading to better evade host-based security solutions such as EDRs and anti-virus applications.

3. Additionally, Fortinet FortiGuard Labs has uncovered a phishing campaign targeting Spanish-speaking individuals with an updated version of a keylogger and information stealer known as Agent Tesla, which collects various types of sensitive data from victims’ devices.

These findings highlight the evolving nature of cybersecurity threats and the need for robust defenses against sophisticated malware and phishing tactics.
