PNGPlug Loader Delivers ValleyRAT Malware Through Fake Software Installers

A cyber attack campaign targeting Chinese-speaking regions uses a multi-stage loader called PNGPlug to deliver the ValleyRAT malware. The attack chain begins with a phishing page that leads to a malicious MSI package disguised as legitimate software. Once executed, the package deploys a benign application while extracting and executing the ValleyRAT payload, giving attackers unauthorized access to infected machines.
