PNGPlug Loader Spreads ValleyRAT Malware: Data Safety Tips

AVP SUITE

January 23,2025

5 mins


PNGPlug Loader Spreads ValleyRAT Malware: Data Safety Tips

Cybersecurity researchers have exposed a chain of cyber attacks focused on Chinese-speaking regions, consisting of Hong Kong, Taiwan, and Mainland China. The assaults contain the delivery of the notorious ValleyRAT malware. They used a complicated loader referred to as PNGPlug, according to a technical report published by Intezer last week.

Let’s know more about it!

Table of Contents! 

How the Malware Operates

What is ValleyRAT?

Sophistication of the Attack

A Growing Threat

How to Spot and Neutralize Malware

How AVP Suite Keeps You Malware-Free 

Key Takeaway! 

 

How the Malware Operates

The attack chain starts with a phishing page that tricks sufferers into downloading a malicious Microsoft Installer (MSI) package disguised as a valid software program. Once carried out, the installer concurrently deploys a benign application to avoid detection even as secretly extracting an encrypted archive containing the malware payload.

Security researcher Nicole Fishbein explained, “The MSI package uses the Windows Installer’s CustomAction feature, enabling it to execute malicious code, including running an embedded malicious DLL that decrypts the archive (all.zip) using a hardcoded password ‘hello202411’ to extract the core malware components.

These components include a rogue DLL (“libcef.dll”), a legitimate application (“down.exe”) to mask malicious activity, and two payload files masquerading as PNG images (“aut.png” and “view.png”). The PNGPlug loader then injects the payload files into memory, modifies Windows Registry settings for persistence, and executes ValleyRAT.

What is ValleyRAT?

ValleyRAT: a RAT that has been active since 2023 and can give unauthorised entry to infected devices by attackers. Its modern functions consist of taking screenshots and clearing Windows event logs to cover its tracks.

The campaign has been attributed to a threat group known as Silver Fox, which is linked to another cluster called Void Arachne. Both groups utilize a shared command-and-control (C&C) framework named Winos 4.0.

 

Related Read: Hackers Exploit California Wildfires: Phishing Scams Security Tips

 

Sophistication of the Attack

The attacks are exceptional for their target Chinese-speaking populations and their smart use of legitimate software to deliver malware

Equally striking is the attackers’ sophisticated use of legitimate software as a delivery mechanism for malware, seamlessly blending malicious activities with seemingly benign applications,” said Fishbein.

The PNGPlug loader’s modular design adds another layer of threat, allowing it to be customized for multiple campaigns. 

Fishbein noted, “The adaptability of the PNGPlug loader further elevates the threat, as its modular design allows it to be tailored for multiple campaigns.

 

Read More: Google Ads Attacked by Malvertising Scam: Secure Login Credentials

 

A Growing Threat

This campaign accentuates the sophistication of changing threats. As a result, they deceive users and break defenses through social engineering and advanced techniques in malware. Awareness and vigilance would be the surest way to fight this from running through the digital landscape’s dangers. 

How to Spot and Neutralize Malware

Protecting your system from malware requires vigilance and effective countermeasures. Here’s how to spot and neutralize malware effectively:

How to Spot Malware

  1. Slow System Performance: Malware consumes assets, causing great lag in your device.
  2. Frequent Crashes: Random reboots or software program crashes can sign hidden malware activities. 
  3. Unusual Pop-ups: Beware of persistent pop-ups or fake alerts urging you to download “protection software.”
  4. Unrecognized Apps: Spot surprising programs or files you didn’t install—these could be malicious Microsoft Installer files.
  5. Network Activity Spikes: Malware frequently sends or receives information, leading to unusual internet usage.

 

Also Read: FireScam Malware Targets Telegram Android Users: Security Tips

How to Mitigate Malware Risks

  1. Run Anti-Malware Software: Use reliable malware detection software programs like AVP Antivirus Software to scan, identify, and remove threats.
  2. Update Your OS and Apps: You should update the operating system and apps to mitigate any risk. Regular updates patch vulnerabilities that malware exploits. 
  3. Avoid Phishing Scams: Don’t click suspicious links or download files from unverified sources. 
  4. Opt for Comprehensive Protection:  With AVP Total Security, get guaranteed impenetrable security against malware, ransomware, and phishing attacks. 

Stay proactive with today’s best cybersecurity tools to secure your digital life. Prevention is key to an infection-free system! 

 

Want to Read the Latest Cybersecurity News?

Stay Updated with AVP Daily

Subscribe Now!

 

How AVP Suite Keeps You Malware-Free 

AVP Suite is an all-in-one shield against advanced cybersecurity threats and malware to protect your devices and data. Here’s how it ensures one-stop coverage:

1. Comprehensive Malware Protection

AVP Suite protects you from ransomware, trojan viruses, worms, spyware, adware, and other malware and provides a strong defense against emerging scams and threats caused by malware, such as malicious Microsoft Installer files.

2. Digital Identity & Login Protection

AVP Suite protects important digital information from unauthorized access to your accounts by having access and control for online identity and password-protected safeguards.

3. Fraud Protection

This feature of AVP Suite helps users avoid default phishing and fraud with its proactive capacity to catch any suspicious activity and malicious attempts.

4. Browser Protection with Anti-Tracking

Ensures total browser protection from anti-tracking tools, just like secure browsing that blocks trackers and protects against malicious links, thereby enhancing online privacy.

5. Real-Time Threat Detection

Gives the real-time removal of threats with continuous monitoring using its advanced malware detection software.

6. Data and Device Security

Merging the malware protection services into the AVP Total Security secures your devices and personal data from breaches and theft. 

Experience the finest cybersecurity with AVP Suite and ensure that your digital world remains secure.

Key Takeaway! 

Just as cybercriminals advance their skills up to some threats like the PNGPlug loader and ValleyRAT malware, remain proactive to be the best line of defense. If scammers are back, never worry; AVP Suite is always with you! 

You have a sophisticated, advanced malware detection and removal feature that will quickly help you protect your data and devices. Don’t let enemies hunt you down- acquire what means the most with AVP Suite.

Take control of your digital safety today—download AVP Suite now and stay one step ahead of cyber threats!

Cybersecurity researchers have exposed a chain of cyber attacks focused on Chinese-speaking regions, consisting of Hong Kong, Taiwan, and Mainland China. The assaults contain the delivery of the notorious ValleyRAT malware. They used a complicated loader referred to as PNGPlug, according to a technical report published by Intezer last week.

Let’s know more about it!

How the Malware Operates

The attack chain starts with a phishing page that tricks sufferers into downloading a malicious Microsoft Installer (MSI) package disguised as a valid software program. Once carried out, the installer concurrently deploys a benign application to avoid detection even as secretly extracting an encrypted archive containing the malware payload.

Security researcher Nicole Fishbein explained, “The MSI package uses the Windows Installer’s CustomAction feature, enabling it to execute malicious code, including running an embedded malicious DLL that decrypts the archive (all.zip) using a hardcoded password ‘hello202411’ to extract the core malware components.

These components include a rogue DLL (“libcef.dll”), a legitimate application (“down.exe”) to mask malicious activity, and two payload files masquerading as PNG images (“aut.png” and “view.png”). The PNGPlug loader then injects the payload files into memory, modifies Windows Registry settings for persistence, and executes ValleyRAT.

What is ValleyRAT?

ValleyRAT: a RAT that has been active since 2023 and can give unauthorised entry to infected devices by attackers. Its modern functions consist of taking screenshots and clearing Windows event logs to cover its tracks.

The campaign has been attributed to a threat group known as Silver Fox, which is linked to another cluster called Void Arachne. Both groups utilize a shared command-and-control (C&C) framework named Winos 4.0.

Related Read: Hackers Exploit California Wildfires: Phishing Scams Security Tips

Sophistication of the Attack

The attacks are exceptional for their target Chinese-speaking populations and their smart use of legitimate software to deliver malware

Equally striking is the attackers’ sophisticated use of legitimate software as a delivery mechanism for malware, seamlessly blending malicious activities with seemingly benign applications,” said Fishbein.

The PNGPlug loader’s modular design adds another layer of threat, allowing it to be customized for multiple campaigns. 

Fishbein noted, “The adaptability of the PNGPlug loader further elevates the threat, as its modular design allows it to be tailored for multiple campaigns.

Read More: Google Ads Attacked by Malvertising Scam: Secure Login Credentials

A Growing Threat

This campaign accentuates the sophistication of changing threats. As a result, they deceive users and break defenses through social engineering and advanced techniques in malware. Awareness and vigilance would be the surest way to fight this from running through the digital landscape’s dangers.

How to Spot and Neutralize Malware

Protecting your system from malware requires vigilance and effective countermeasures. Here’s how to spot and neutralize malware effectively:

How to Spot Malware

  1. Slow System Performance: Malware consumes assets, causing great lag in your device.
  2. Frequent Crashes: Random reboots or software program crashes can sign hidden malware activities. 
  3. Unusual Pop-ups: Beware of persistent pop-ups or fake alerts urging you to download “protection software.”
  4. Unrecognized Apps: Spot surprising programs or files you didn’t install—these could be malicious Microsoft Installer files.
  5. Network Activity Spikes: Malware frequently sends or receives information, leading to unusual internet usage.

Also Read: FireScam Malware Targets Telegram Android Users: Security Tips

How to Mitigate Malware Risks

  1. Run Anti-Malware Software: Use reliable malware detection software programs like AVP Antivirus Software to scan, identify, and remove threats.
  2. Update Your OS and Apps: You should update the operating system and apps to mitigate any risk. Regular updates patch vulnerabilities that malware exploits. 
  3. Avoid Phishing Scams: Don’t click suspicious links or download files from unverified sources. 
  4. Opt for Comprehensive Protection:  With AVP Total Security, get guaranteed impenetrable security against malware, ransomware, and phishing attacks. 

Stay proactive with today’s best cybersecurity tools to secure your digital life. Prevention is key to an infection-free system!

Want to Read the Latest Cybersecurity News?

Stay Updated with AVP Daily

Subscribe Now! Cta_banner_image

How AVP Suite Keeps You Malware-Free

AVP Suite is an all-in-one shield against advanced cybersecurity threats and malware to protect your devices and data. Here’s how it ensures one-stop coverage:

1. Comprehensive Malware Protection

AVP Suite protects you from ransomware, trojan viruses, worms, spyware, adware, and other malware and provides a strong defense against emerging scams and threats caused by malware, such as malicious Microsoft Installer files.

2. Digital Identity & Login Protection

AVP Suite protects important digital information from unauthorized access to your accounts by having access and control for online identity and password-protected safeguards.

3. Fraud Protection

This feature of AVP Suite helps users avoid default phishing and fraud with its proactive capacity to catch any suspicious activity and malicious attempts.

4. Browser Protection with Anti-Tracking

Ensures total browser protection from anti-tracking tools, just like secure browsing that blocks trackers and protects against malicious links, thereby enhancing online privacy.

5. Real-Time Threat Detection

Gives the real-time removal of threats with continuous monitoring using its advanced malware detection software.

6. Data and Device Security

Merging the malware protection services into the AVP Total Security secures your devices and personal data from breaches and theft. 

Experience the finest cybersecurity with AVP Suite and ensure that your digital world remains secure.

Key Takeaway!

Just as cybercriminals advance their skills up to some threats like the PNGPlug loader and ValleyRAT malware, remain proactive to be the best line of defense. If scammers are back, never worry; AVP Suite is always with you! 

You have a sophisticated, advanced malware detection and removal feature that will quickly help you protect your data and devices. Don’t let enemies hunt you down- acquire what means the most with AVP Suite.

Take control of your digital safety today—download AVP Suite now and stay one step ahead of cyber threats!

Is Your Device Safe from Malware?

AVP Suite shields your data & device with advanced security

Start Your Free Trial!

Leave a Reply

Your email address will not be published. Required fields are marked *

Get the cybersecurity trends & news at AVPDaily