February 6, 2025
IT CyberSecurity Headlines
Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking
Bogus websites advertising Google Chrome have been used to distribute malicious installers for a remote access trojan called ValleyRAT.
The malware, first detected in 2023, is attributed to a threat actor tracked as Silver Fox, with prior attack campaigns primarily targeting Chinese-speaking regions like Hong Kong, Taiwan, and Mainland China.
"This actor has increasingly targeted key roles within organizations—particularly in finance, accounting, and sales department—highlighting a strategic focus on high-value positions with access to sensitive data and systems," Morphisec researcher Shmuel Uzan said in a report published earlier this week.
Early attack chains have been observed delivering ValleyRAT alongside other malware families such as Purple Fox and Gh0st RAT, the latter of which has been extensively used by various Chinese hacking groups.
As recently as last month, counterfeit installers for legitimate software have served as a distribution mechanism for the trojan by means of a DLL loader named PNGPlug.
It's worth noting that a drive-by download scheme targeting Chinese-speaking Windows users was previously used to deploy Gh0st RAT using malicious installer packages for the Chrome web browser.
In a similar fashion, the latest attack sequence associated with ValleyRAT entails the use of a fake Google Chrome website to trick targets into downloading a ZIP archive containing an executable ("Setup.exe").
The binary, upon execution, checks whether it has administrator privileges and then downloads four additional payloads, including a legitimate executable associated with Douyin ("Douyin.exe"), the Chinese version of TikTok, which is used to sideload a rogue DLL ("tier0.dll") that in turn launches the ValleyRAT malware.
Also retrieved is another DLL file ("sscronet.dll"), which is responsible for terminating any running process present in an exclusion list.
Compiled in Chinese and written in C++, ValleyRAT is a trojan designed to monitor screen content, log keystrokes, and establish persistence on the host. It can also contact a remote server and await further instructions, which allow it to enumerate processes and download and execute arbitrary DLLs and binaries, among other capabilities.
"For payload injection, the attacker abused legitimate signed executables that were vulnerable to DLL search order hijacking," Uzan said.
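The sideloading pattern described above (a legitimate, signed executable such as "Douyin.exe" loading an attacker-supplied "tier0.dll" from its own directory) leaves a distinctive trace in image-load telemetry. The following Python check is an added example, not code from the article or from Morphisec: it runs over constructed Sysmon Event ID 7 (ImageLoad) records and flags unsigned DLLs loaded from the host process's own directory or from a user-writable path rather than from a system directory. The file names come from the article; the paths and the records themselves are made up for the example.

```python
import ntpath

# Directories where DLL loads are expected and not flagged.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# User-writable locations from which an unsigned DLL load is worth a look.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")


def is_suspicious_load(ev):
    """True when a Sysmon ImageLoad record matches the DLL-sideloading pattern.

    ev uses Sysmon Event ID 7 field names: Image (the loading process),
    ImageLoaded (the DLL path) and Signed ("true"/"false").
    """
    image = ev["Image"].lower()
    loaded = ev["ImageLoaded"].lower()
    if not loaded.endswith(".dll") or loaded.startswith(SYSTEM_DIRS):
        return False
    unsigned = ev.get("Signed", "false").lower() != "true"
    same_dir = ntpath.dirname(loaded) == ntpath.dirname(image)
    writable = loaded.startswith(USER_WRITABLE)
    return unsigned and (same_dir or writable)


def find_sideload_candidates(events):
    """Return (process, dll) pairs for every record that matches the pattern."""
    return [(e["Image"], e["ImageLoaded"]) for e in events if is_suspicious_load(e)]


# Constructed sample records (not real telemetry).
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\bob\AppData\Local\Temp\Douyin.exe",
     "ImageLoaded": r"C:\Users\bob\AppData\Local\Temp\tier0.dll", "Signed": "false"},
    {"Image": r"C:\Users\bob\AppData\Local\Temp\Douyin.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll", "Signed": "true"},
    {"Image": r"C:\Program Files\Vendor\app.exe",
     "ImageLoaded": r"C:\Program Files\Vendor\helper.dll", "Signed": "true"},
    {"Image": r"C:\Windows\explorer.exe",
     "ImageLoaded": r"C:\ProgramData\Setup\sscronet.dll", "Signed": "false"},
]

if __name__ == "__main__":
    for proc, dll in find_sideload_candidates(SAMPLE_EVENTS):
        print(f"possible sideload: {proc} loaded {dll}")
```

As written the rule also fires on legitimately unsigned third-party software, so in practice it should be paired with a baseline of known loads and with Sysmon's SignatureStatus and hash fields before it is used for alerting.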
The development comes as Sophos shared details of phishing attacks that use Scalable Vector Graphics (SVG) attachments to evade detection and either deliver AutoIt-based keylogger malware such as Nymeria or direct users to credential-harvesting pages.
Credit --> thehackernews.com https://thehackernews.com/2025/02/fake-google-chrome-sites-distribute.html
Semgrep Secures $100 Million to Enhance Bug-Hunting Software
Semgrep, a software security company, has raised $100 million in a Series D funding round led by Menlo Ventures, bringing its total funding to $204 million. The company specializes in scanning source code for security vulnerabilities and plans to invest in AI development, expand sales and marketing, and increase staffing. Despite some controversy over shifting features to a paid model, Semgrep will continue offering a free community edition for individual engineers.
Credit --> wsj.com
Companies Remain Complacent Amid Rising Cybercrime Risks from AI
At the recent World Economic Forum in Davos, experts highlighted increasing cyber threats, particularly those amplified by artificial intelligence. The Global Cybersecurity Outlook 2025 report emphasizes that geopolitical tensions and complex supply chains are escalating risks. Despite heightened awareness, many companies remain complacent, underestimating the financial and reputational damages resulting from cyberattacks.
Credit --> reuters.com
Australians Urged to Be Vigilant as Sophisticated Scams Surge
Australians are falling victim to increasingly sophisticated scams, often within seconds. Scammers exploit a sense of urgency to prompt quick decisions, making it challenging to recover lost funds. Investment scams are particularly prevalent, with significant losses reported. Authorities advise the public to verify suspicious communications through official channels.
Credit --> news.com.au
Ransomware Payments Decline Despite High-Profile Attacks
In 2024, ransomware payments decreased by 35% to $814 million, down from $1.25 billion in 2023. Law enforcement actions against major ransomware groups and increased global awareness have contributed to this decline. However, experts caution that ransomware trends can fluctuate, and sustained investment in defense is necessary.
Credit --> wired.com
Android Users Advised to Update Devices to Patch Critical Vulnerabilities
Android users are urged to update their devices immediately to address critical vulnerabilities that allow hackers to bypass passwords and hijack devices. The February 2025 security update addresses nearly 50 flaws. Users should check for the latest security patch levels in their settings to ensure protection.
Credit --> thesun.co.uk
Uncertainty Surrounds U.S. Cybersecurity Agency's Role in Elections
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), instrumental in securing voting systems, faces an uncertain future under the current administration. With no new head appointed and absence from key meetings, the agency's focus may shift, raising concerns among state officials about the continuity of election security efforts.
Credit --> apnews.com
Queensland Police Officers Deceived by Internal Phishing Exercise
Queensland police officers were misled by an internally generated phishing email promising a pay rise. The exercise, intended to test phishing awareness, caused confusion amid sensitive pay negotiations. The police service has pledged to review and prevent recurrence of such incidents.
Credit --> couriermail.com.au
Healthcare Providers Face Stricter Cybersecurity Regulations
In response to a surge in cyberattacks on U.S. healthcare systems, regulators propose tougher cybersecurity rules for 2025. Smaller healthcare providers express concern over the affordability of compliance, highlighting the need for federal support and guidance.
Credit --> wsj.com
UK Underestimates Cyber-Attack Threats, Warns Security Chief
Richard Horne, head of the UK's National Cyber Security Centre, warns that the country is underestimating cyber threats from hostile states and criminal gangs. He emphasizes the need for greater resilience and defense of critical infrastructure, citing a significant increase in severe incidents.
Credit --> theguardian.com
Microsoft President Urges Stronger Stance Against Cyber Attacks
Microsoft President Brad Smith calls for the U.S. administration to prioritize cybersecurity and take a firmer stance against cyber attacks from nations like Russia, China, and Iran. He emphasizes the need for cybersecurity to be a prominent issue in international relations.
Credit --> businessinsider.com