
ValleyRAT’s Password Theft Methods Revealed by Researchers


TLDR:

  • Zscaler researchers detailed ValleyRAT password-stealing techniques.
  • ValleyRAT is a highly advanced malware that uses complicated infection methods and constant code updates.

Researchers at Zscaler have recently detailed the password-stealing techniques used by ValleyRAT, a remote access tool that aims to compromise systems and provide unauthorized access. The malware delivers its payload in multiple stages, using techniques such as process injection, configuration parsing, and registry storage to ensure its stealth and persistence. ValleyRAT uses DLL sideloading and constantly updates its code, which makes it difficult for security tools, including EDR and anti-virus solutions, to detect. The malware’s latest version includes new device fingerprinting fields, an altered bot ID generation algorithm, and new commands, such as taking screenshots and clearing logs, to enhance its capabilities. ValleyRAT’s complex infection methods and anti-AV evasion tactics highlight the ongoing evolution and sophistication of cyber threats.
