Organizations in China, Hong Kong, Taiwan, and Southeast Asia have been targeted in attacks delivering the advanced second-stage ValleyRAT_S2 malware, according to GBHackers News.

Threat actors have distributed ValleyRAT_S2 not only through counterfeit productivity apps, cracked software, and Chinese-language utilities, but also through phishing emails carrying malicious attachments, according to an analysis by malware researcher APOPHIS. The malware is loaded via DLL side-loading, with its components named after common library names so that they pass antivirus and User Account Control checks. Once installed, ValleyRAT_S2 performs extensive system reconnaissance, then registers callbacks masquerading as Steam events for persistence and stages files in the system's %TEMP% directory, where the generated files are used for automated execution.

Because the second stage of ValleyRAT supports keystroke logging and exfiltration of local data, organizations have been urged both to strengthen security awareness programs for their employees and to adopt endpoint protection capable of detecting suspicious process injection and DLL side-loading.
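The detection the article calls for can be approximated with a simple heuristic over image-load telemetry: flag any DLL that carries the name of a well-known Windows system library but is loaded from outside the trusted system directories, especially when it sits beside the host executable or anywhere under a temp staging directory. The following is an added example written for this page; it is not code from the article, from GBHackers, or from APOPHIS's analysis. The watch-list of library names, the trusted directories, and the event records are all constructed assumptions (the article names no specific DLLs), and a real deployment would derive the watch-list from the modules a fleet actually loads from System32.

```python
"""Heuristic DLL side-loading detection over image-load events.

Added example for this page, not from the article or the ValleyRAT_S2
analysis it summarises. The library names, trusted directories and event
records below are constructed for illustration.
"""
import ntpath

# ASSUMED watch-list: DLL names that legitimately live in System32 and are
# popular side-loading targets. Build your own from real fleet telemetry.
SYSTEM_LIBRARY_NAMES = {
    "version.dll", "dbghelp.dll", "wininet.dll", "userenv.dll",
    "cryptbase.dll", "msimg32.dll", "dwmapi.dll",
}

# Directories from which a system library name is expected to load.
TRUSTED_DIRS = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\windows\\winsxs\\",
)

# Temp staging locations of the kind the article says ValleyRAT_S2 uses.
STAGING_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


def _norm(path):
    """Lower-case and backslash-normalise a Windows path for comparison."""
    return path.lower().replace("/", "\\")


def classify(event):
    """Return the reasons one image-load event looks like side-loading.

    event: {"pid": int, "process": str, "module": str}, where process and
    module are full paths. An empty list means nothing suspicious.
    """
    proc = _norm(event["process"])
    mod = _norm(event["module"])
    name = ntpath.basename(mod)
    reasons = []

    # A system library name resolving outside the trusted directories is the
    # core side-loading signal; co-location with the EXE is the classic layout.
    if name in SYSTEM_LIBRARY_NAMES and not mod.startswith(TRUSTED_DIRS):
        reasons.append(f"system library name {name} loaded from {ntpath.dirname(mod)}")
        if ntpath.dirname(mod) == ntpath.dirname(proc):
            reasons.append("module sits beside the host executable")

    # Anything executing or loading from a temp directory is worth a look.
    if any(m in mod for m in STAGING_MARKERS):
        reasons.append("module loaded from a temp staging directory")
    if any(m in proc for m in STAGING_MARKERS):
        reasons.append("host process runs from a temp staging directory")
    return reasons


def find_sideload_candidates(events):
    """Map pid -> reasons for every event that triggered at least one rule."""
    hits = {}
    for event in events:
        reasons = classify(event)
        if reasons:
            hits[event["pid"]] = reasons
    return hits


# Constructed sample telemetry: one benign system load, one fake-installer
# side-load, one %TEMP% staged loader, one unrelated vendor plugin.
SAMPLE_EVENTS = [
    {"pid": 4120, "process": "C:\\Windows\\System32\\svchost.exe",
     "module": "C:\\Windows\\System32\\version.dll"},
    {"pid": 5588, "process": "C:\\Users\\alice\\Downloads\\FakeOfficeSetup\\office.exe",
     "module": "C:\\Users\\alice\\Downloads\\FakeOfficeSetup\\version.dll"},
    {"pid": 6012, "process": "C:\\Users\\alice\\AppData\\Local\\Temp\\tmp1a2b\\run.exe",
     "module": "C:\\Users\\alice\\AppData\\Local\\Temp\\tmp1a2b\\dbghelp.dll"},
    {"pid": 7001, "process": "C:\\Program Files\\Vendor\\app.exe",
     "module": "C:\\Program Files\\Vendor\\plugin.dll"},
]

if __name__ == "__main__":
    for pid, reasons in find_sideload_candidates(SAMPLE_EVENTS).items():
        print(pid, "->", "; ".join(reasons))
```

The rules are deliberately path-based so they work on whatever image-load source is available (Sysmon Event ID 7, EDR module telemetry, or a forensic export); a production version would add signer checks on the flagged module and suppress known-good installers that legitimately ship copies of these libraries.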