Silver Fox has been exploiting signed but vulnerable drivers, like WatchDog Anti-malware, to disable security solutions and deploy malware such as ValleyRAT. This sophisticated campaign uses signature manipulation and evasive techniques, highlighting the evolving nature of threat actor strategies.
Key points
- Silver Fox targets Windows users by abusing a Microsoft-signed vulnerable driver, amsdk.sys.
- The campaign employs a dual-driver approach, using Zemana drivers on Windows 7 and WatchDog drivers on Windows 10 or 11.
- Attackers leverage signature manipulation to bypass driver blocklists after patch updates.
- The malware deployment involves anti-analysis checks and communication with C2 servers for remote access.
- Silver Fox primarily targets Chinese-speaking victims through fake websites and phishing campaigns, aiming for information theft and financial fraud.
Read More: https://thehackernews.com/2025/09/silver-fox-exploits-microsoft-signed.html