ValleyRAT Campaign Targets Job Seekers, Abuses Foxit PDF Reader for DLL Side-loading

· Published 03/12/2025 09:29 · Modified 21/12/2025 18:18

Essential information

Tags
2025-12-03, data theft, dll side-loading, foxit pdf reader, job seekers, remote access trojan, social engineering, valleyrat
Related entities
25 observables, 1 intrusion sets (apt), 12 techniques (mitre), 1 malware

Description

A campaign is targeting through email, disguising itself as a and using for initial system access. The campaign exploits ' eagerness by using recruitment-related lures in archive files. The attack employs sophisticated techniques, including obfuscation through nested directories and execution via DLL sideloading. Once activated, can lead to system control, activity monitoring, and . The campaign's success is evident from a spike in detections. It demonstrates the integration of , legitimate software abuse, and advanced malware techniques to exploit vulnerabilities in both systems and human psychology.

External references