Threat Intelligence, Malware

ValleyRAT backdoor spread via Microsoft-signed drivers

Chinese advanced persistent threat group Silver Fox has tapped Microsoft-signed drivers to covertly install the modular ValleyRAT backdoor, reports Infosecurity Magazine.

Attacks against modern environments involved the use of a Microsoft-signed WatchDog Antimalware driver that allowed antivirus and endpoint detection and response tool process termination prior to the injection of ValleyRAT for surveillance and data theft, according to a Check Point Research analysis.

On the other hand, the Zemana-based driver was used by Silver Fox to compromise Windows 7 to Windows 11 systems. Additional findings revealed Silver Fox's use of an altered iteration of a patched WatchDog driver in intrusions.

"Our research reinforces the need for ongoing efforts of security vendors and users to stay vigilant against the emerging abuse of legitimate drivers. Proactive identification, reporting and patching of these vulnerabilities are critical to strengthening Windows systems against evolving threats leveraging Bring Your Own Vulnerable Driver (BYOVD) techniques," said Check Point Research.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds