Network Security, Threat Intelligence, Malware
More sophisticated ValleyRAT malware variant emerges

The Chinese-linked ValleyRAT trojan has been updated to include screenshot capturing, process filtering, Windows event log deletion, and forced shutdown capabilities as part of a new malware attack campaign, The Hacker News reports.

Intrusions in the campaign involved the deployment of a downloader that facilitates the retrieval of a DLL-extracting file, with the DLL disrupting WinRAR and Qihoo 360 anti-malware software before fetching other files that eventually result in the execution of ValleyRAT, according to a Zscaler ThreatLabz report.

"ValleyRAT utilizes a convoluted multi-stage process to infect a system with the final payload that performs the majority of the malicious operations. This staged approach combined with DLL side-loading are likely designed to better evade host-based security solutions such as EDRs and anti-virus applications," said researchers.

These findings follow a Fortinet FortiGuard Labs report detailing the use of an updated Agent Tesla malware variant with more extensive data theft features in an attack campaign exploiting old Microsoft Excel Add-In flaws.