Decrypt LOL


PNGPlug Loader Distributes ValleyRAT Malware in Asia


🐉 Cyber Attacks Target Chinese-Speaking Regions with ValleyRAT Malware. Cybersecurity researchers have identified a series of cyber attacks in Hong Kong, Taiwan, and Mainland China that use malware known as ValleyRAT, delivered through a multi-stage loader called PNGPlug. The attack begins with a phishing page that prompts victims to download a malicious Microsoft Installer (MSI) package disguised as legitimate software. The installer deploys a benign application while secretly extracting the malware payload. ValleyRAT, a remote access trojan (RAT) linked to the threat group Silver Fox, gives attackers unauthorized access to infected machines and has capabilities such as screenshot capture and event log clearing. The campaign is notable for its sophisticated use of legitimate software to mask malicious activity, highlighting the evolving tactics of cybercriminals.
