Fake Chrome Sites Distribute ValleyRAT Malware to Users
🦊💻 Malicious Google Chrome sites distribute the ValleyRAT trojan, targeting Chinese-speaking users. Bogus websites masquerading as Google Chrome installer pages have been identified as a distribution method for the ValleyRAT remote access trojan, which is attributed to the threat actor Silver Fox. This malware, first detected in 2023, primarily targets people in key finance and sales roles within organizations, aiming to access sensitive data. In the attack chain, users are misled into downloading a ZIP file containing a malicious executable, which then installs additional payloads, including a rogue DLL that activates ValleyRAT. The campaign exploits users' trust in legitimate software, particularly among Chinese-speaking individuals, and is linked to previous attacks that used the Gh0st RAT malware.
