PNGPlug Loader Spreads ValleyRAT Malware: Data Safety Tips

AVP SUITE

January 29, 2025

5 mins



Cybersecurity researchers have exposed a chain of cyber attacks targeting Chinese-speaking regions, including Hong Kong, Taiwan, and Mainland China. The attacks involve the delivery of the notorious ValleyRAT malware through a sophisticated loader known as PNGPlug, according to a technical report published by Intezer last week.

Let’s find out more about it!

 

Table of Contents! 

How the Malware Operates

What is ValleyRAT?

Sophistication of the Attack

A Growing Threat

How to Spot and Neutralize Malware

How AVP Suite Keeps You Malware-Free 

Key Takeaway! 

 

How the Malware Operates

The attack chain starts with a phishing page that tricks victims into downloading a malicious Microsoft Installer (MSI) package disguised as legitimate software. Once executed, the installer deploys a benign application as a decoy to avoid detection while secretly extracting an encrypted archive containing the malware payload.

Security researcher Nicole Fishbein explained, “The MSI package uses the Windows Installer’s CustomAction feature, enabling it to execute malicious code, including running an embedded malicious DLL that decrypts the archive (all.zip) using a hardcoded password ‘hello202411’ to extract the core malware components.”

These components include a rogue DLL (“libcef.dll”), a legitimate application (“down.exe”) to mask malicious activity, and two payload files masquerading as PNG images (“aut.png” and “view.png”). The PNGPlug loader then injects the payload files into memory, modifies Windows Registry settings for persistence, and executes ValleyRAT.
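The payload files in this campaign carry PNG names but are not images. A quick defender-side check, added here as an example and not code from the article or from Intezer, is to compare each .png file’s first bytes against the fixed PNG signature and flag anything that starts with a PE header or looks encrypted; the sample byte strings below are constructed, and the file names only echo the ones mentioned above.

```python
"""Flag files that carry a .png name but do not start with the PNG signature.

Added example (not from the original article or Intezer). Every valid PNG
begins with the same 8-byte signature, so a .png file that lacks it deserves
a closer look. The SAMPLES dictionary is constructed test data.
"""
import math
from collections import Counter
from pathlib import Path

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"   # fixed 8-byte header of every valid PNG
PE_SIGNATURE = b"MZ"                   # DOS header that starts every Windows PE


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; encrypted or compressed data sits near 8.0."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def classify_png_bytes(data: bytes) -> str:
    """Return 'png', 'pe', 'high-entropy' or 'other' for the file contents."""
    if data.startswith(PNG_SIGNATURE):
        return "png"
    if data.startswith(PE_SIGNATURE):
        return "pe"            # an executable hiding behind an image name
    if shannon_entropy(data[:4096]) > 7.0:
        return "high-entropy"  # likely an encrypted or packed payload
    return "other"


def scan_directory(root: Path) -> dict:
    """Map each *.png under root to its classification."""
    return {str(p): classify_png_bytes(p.read_bytes())
            for p in root.rglob("*.png") if p.is_file()}


def suspicious(results: dict) -> list:
    """Paths whose contents are anything other than a real PNG."""
    return sorted(path for path, kind in results.items() if kind != "png")


# Constructed samples: a real PNG header, a PE header, and uniform random-like bytes.
SAMPLES = {
    "logo.png": PNG_SIGNATURE + b"\x00" * 32,
    "aut.png": b"MZ\x90\x00" + b"\x00" * 60,
    "view.png": bytes(range(256)) * 4,
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, classify_png_bytes(blob))
```

Run `scan_directory(Path("C:/some/folder"))` followed by `suspicious(...)` to triage a real directory; a hit is a reason to investigate, not proof of infection, since some software legitimately stores non-PNG data under a .png name.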

What is ValleyRAT?

ValleyRAT, a remote access trojan (RAT), has been active since 2023 and is capable of granting attackers unauthorized access to infected devices. Its recent capabilities include taking screenshots and clearing Windows event logs to cover its tracks.

The campaign has been attributed to a threat group known as Silver Fox, which is linked to another cluster called Void Arachne. Both groups utilize a shared command-and-control (C&C) framework named Winos 4.0.


Sophistication of the Attack

The attacks are notable for targeting Chinese-speaking populations and for their clever use of legitimate software to deliver malware.

“Equally striking is the attackers’ sophisticated use of legitimate software as a delivery mechanism for malware, seamlessly blending malicious activities with seemingly benign applications,” said Fishbein.

The PNGPlug loader’s modular design adds another layer of threat, allowing it to be customized for multiple campaigns. 

Fishbein noted, “The adaptability of the PNGPlug loader further elevates the threat, as its modular design allows it to be tailored for multiple campaigns.”


A Growing Threat

This campaign highlights the evolving sophistication of cyber threats. By combining social engineering with advanced malware techniques, attackers exploit unsuspecting users. Awareness and vigilance are crucial to mitigate these growing risks in the digital landscape.

How to Spot and Neutralize Malware

Protecting your system from malware requires vigilance and effective countermeasures. Here’s how to spot and neutralize malware effectively:

How to Spot Malware

  1. Slow System Performance: Malware consumes system resources, causing noticeable lag on your device.
  2. Frequent Crashes: Random reboots or application crashes can signal hidden malware activity.
  3. Unusual Pop-ups: Beware of persistent pop-ups or fake alerts urging you to download “protection software.”
  4. Unrecognized Apps: Look for unexpected programs or files you didn’t install; these could be malicious Microsoft Installer files.
  5. Network Activity Spikes: Malware frequently sends or receives data, leading to unusual internet usage.


How to Mitigate Malware Risks

  1. Run Anti-Malware Software: Use reliable malware detection software like AVP Antivirus Software to scan for, identify, and remove threats.
  2. Update Your OS and Apps: Regular updates patch the vulnerabilities that malware exploits.
  3. Avoid Phishing Scams: Don’t click suspicious links or download files from unverified sources.
  4. Opt for Comprehensive Protection: Invest in AVP Total Security for superior malware protection, ransomware shields, and phishing safeguards.

Stay proactive in securing your digital life with the best cybersecurity tools available. Prevention is the key to maintaining a malware-free system!


How AVP Suite Keeps You Malware-Free 

AVP Suite is your all-in-one solution for safeguarding devices and data against advanced cybersecurity threats and malware. Here’s how it ensures comprehensive security:

1. Comprehensive Malware Protection

AVP Suite shields you from ransomware, trojan viruses, worms, spyware, adware, and more, offering a robust defense against evolving malware scams and threats like malicious Microsoft Installer files.

2. Digital Identity & Login Protection

Protect your sensitive digital information with AVP Suite’s digital identity and login security, preventing unauthorized access to accounts.

3. Fraud Protection

Stay safe from phishing and fraud with AVP Suite’s proactive features designed to block suspicious activities and malicious attempts.

4. Browser Protection with Anti-Tracking

Enhance online privacy with anti-tracking tools and secure browsing that blocks trackers and malicious links, offering full browser protection.

5. Real-Time Threat Detection

Using advanced malware detection software, AVP Suite provides continuous monitoring and eliminates threats in real-time.

6. Data and Device Security

Combining malware protection services with AVP Total Security protects your devices and personal data against breaches and theft.

With AVP Suite, experience unmatched cybersecurity and ensure your digital world stays secure.

Key Takeaway! 

As cybercriminals continue to refine their tactics with threats like the PNGPlug loader and ValleyRAT malware, staying proactive is your best defense. Scammers may be active, but AVP Suite has your back! 

With our advanced malware detection and removal feature, you can effortlessly safeguard your data and devices. Don’t let malicious actors compromise your security—protect what matters most with AVP Suite.

Take control of your digital safety today—Download AVP Suite Now and stay one step ahead of cyber threats!
