{"id":205793,"date":"2025-02-07T03:12:41","date_gmt":"2025-02-07T09:12:41","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/02\/fake-google-chrome-sites-distribute-valleyrat-malware-via-dll-hijacking"},"modified":"2025-02-07T03:12:41","modified_gmt":"2025-02-07T09:12:41","slug":"fake-google-chrome-sites-distribute-valleyrat-malware-via-dll-hijacking","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/02\/fake-google-chrome-sites-distribute-valleyrat-malware-via-dll-hijacking","title":{"rendered":"Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/fake-google-chrome-sites-distribute-valleyrat-malware-via-dll-hijacking2.jpg\"><\/a><\/p>\n<p>Morphisec CTO Michael Gorelik told The Hacker News that there is evidence connecting the two activity clusters, and that the deceptive Chrome installer site was previously leveraged to download the Gh0st RAT payload.<\/p>\n<p>\u201cThis campaign specifically targeted Chinese-speaking users, as indicated by the use of Chinese-language web lures and applications aimed at data theft and evasion of defenses by the malware,\u201d Gorelik said.<\/p>\n<p>\u201cThe links to the fake Chrome sites are primarily distributed through drive-by download schemes. Users searching for the Chrome browser are directed to these malicious sites, where they inadvertently download the fake installer. This method exploits the users\u2019 trust in legitimate software downloads, making them susceptible to infection.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Morphisec CTO Michael Gorelik told The Hacker News that there is evidence connecting the two activity clusters, and that the deceptive Chrome installer site was previously leveraged to download the Gh0st RAT payload. \u201cThis campaign specifically targeted Chinese-speaking users, as indicated by the use of Chinese-language web lures and applications aimed at data theft and [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[],"class_list":["post-205793","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/205793","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=205793"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/205793\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=205793"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=205793"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=205793"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}