Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking

Summary: Bogus websites posing as Google Chrome download sites have been used to spread a remote access trojan known as ValleyRAT, attributed to the Silver Fox threat actor. The malware primarily targets key organizational roles in the finance and sales sectors within Chinese-speaking regions, using a multi-stage attack chain to deploy additional malicious components. The trojan captures sensitive information and maintains persistence on infected systems, reflecting an ongoing trend of cyber threats aimed at high-value positions.

Affected: Organizations in finance, accounting, and sales sectors in Chinese-speaking regions

Key points:

  • ValleyRAT is distributed through counterfeit Google Chrome installers and is loaded by a DLL loader named PNGPlug, abusing DLL hijacking.
  • The specific targeting of high-value organizational roles suggests a focus on exploiting their access to sensitive data.
  • The trojan is capable of monitoring screen content, logging keystrokes, and executing commands remotely.

Source: https://thehackernews.com/2025/02/fake-google-chrome-sites-distribute.html