Sophisticated Malware Campaign Deploys ValleyRat via Trojanized Installers

Cyber Security News by CyberSum.net
Researchers have uncovered a sophisticated malware campaign where threat actors weaponize trojanized installers for popular productivity applications to deploy ValleyRat, a persistent remote access tool. The operation demonstrates advanced evasion techniques, including kernel-level driver abuse and multi-stage obfuscation. The campaign has been attributed to an advanced persistent threat (APT) group active since at least 2022. The threat actors repurpose legitimate installer files for applications like Telegram, WinSCP, Google Chrome, and Microsoft Teams. Upon execution, victims observe a standard installation interface while malware silently stages payloads and deploys kernel drivers to establish long-term system compromise.