ValleyRAT Campaign Targets Job Seekers

ValleyRAT Campaign Targets Job Seekers, Abuses Foxit PDF Reader for DLL Side-loading Source: www.trendmicro.com/en_us/res… Trend Micro has identified a new ValleyRAT campaign that demonstrates a layered and increasingly sophisticated approach. The operators combine social-engineering lures aimed at job seekers, deeply nested directory structures for obfuscation and DLL side-loading through Foxit PDF Reader to execute the payload. Telemetry shows a significant rise in ValleyRAT detections, indicating strong operational success. While ValleyRAT traditionally targeted Chinese-speaking users, current activity suggests the operators are broadening their reach. English-language filenames found in malicious archives point to an expansion toward job seekers globally. The lure is effective because job seekers often respond quickly to messages that appear to come from employers. Emotional pressure, urgency and the desire for new opportunities reduce scrutiny, increasing the likelihood that victims will download and open malicious attachments.