The Silver Fox cybercrime group has expanded its Winos 4.0 and HoldingHands RAT malware campaigns from China and Taiwan to Japan and Malaysia. The attacks use phishing emails with malicious PDFs disguised as official government documents, particularly ones from finance ministries. The malware uses DLL side-loading, anti-VM checks, security software termination, and Task Scheduler manipulation to evade detection. A parallel campaign called Operation Silk Lure targets Chinese fintech and cryptocurrency companies through fake job-seeker emails containing malicious LNK files. Both malware families are derived from the leaked Gh0st RAT source code and enable remote access, data exfiltration, and command execution on compromised systems.

6m read time. From thehackernews.com