A malware campaign targeting Chinese-speaking users has been identified, delivering three types of malware: ValleyRAT, FatalRAT, and kkRAT. The campaign uses fake installer pages to distribute the malware. kkRAT, a new Remote Access Trojan, shares similarities with Ghost RAT and Big Bad Wolf. It employs advanced evasion techniques, including sandbox detection and anti-analysis methods. The malware uses the BYOVD technique to disable antivirus and EDR systems. kkRAT's features include clipboard manipulation for cryptocurrency address replacement and deployment of remote monitoring tools. The malware's network communication protocol is similar to Ghost RAT's but with added encryption. kkRAT supports multiple plugins and commands for various malicious activities.