Cyber Web Spider Blog – News

Hackers Exploit VLC to Deploy ValleyRAT Malware

Posted on July 3, 2026 By CWS

Cybercriminals have devised a sophisticated method to bypass security measures by embedding malware within widely trusted software. Experts have revealed a campaign exploiting the popular VLC media player to discreetly deploy ValleyRAT, a remote access trojan that grants attackers complete control over compromised systems.

Email Phishing as Initial Attack Vector

The attack begins with a seemingly benign email. Recipients receive messages regarding personnel changes or salary adjustments, accompanied by a link to download a file. Once accessed, this file initiates a sequence culminating in a concealed backdoor, largely undetectable by conventional antivirus solutions.

Analysts at LevelBlue uncovered this campaign while monitoring a significant increase in ValleyRAT detections via their Global Security Operations Center. The malware has been active since 2023, but its prevalence surged significantly through 2025 and into 2026, nearly doubling from the previous year. The report, shared with Cyber Security News, highlights that the campaign specifically targets Chinese and Japanese-speaking users, though the risk extends globally due to widespread corporate presence in these regions.

Disguised VLC Executable and Malicious DLL

A notable aspect of this campaign is the utilization of a legitimate application for disguise. Rather than crafting new malware detectable by antivirus software, attackers modified the trusted VLC executable and combined it with a corrupted support file to evade detection.

The infection begins when a user clicks a link in the phishing email, prompting the download of a ZIP archive containing an executable and a DLL. The executable, which carries a Japanese filename, internally matches a genuine VLC build, while the DLL is named libvlc.dll, the name of a standard VLC component.

Windows’ trust in signed applications like VLC allows the fake executable to automatically load the malicious DLL, a technique known as DLL sideloading. This enables the execution of harmful code under the guise of a legitimate program.

Advanced Evasion Techniques

ValleyRAT employs sophisticated tactics to avoid detection in sandbox or analysis environments. It checks available memory, counts processor cores, and measures the duration of sleep commands, ceasing operations if it detects a monitoring environment.

The payload, encrypted using RC4, is decrypted directly in memory and injected into a suspended system process, avoiding traditional antivirus detection. This fileless approach leaves no traceable malicious files, complicating detection efforts.

Experts advise training employees to identify warning signs such as unusual Japanese filenames on executables, mismatched file descriptions, and business emails from free webmail domains. Implementing endpoint detection tools capable of identifying DLL sideloading and unusual process injection is also recommended.
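The warning signs above can be turned into a simple detection rule. The following is an added example, not code from LevelBlue or from this article: it scans Sysmon-style process-create and image-load records for a renamed vlc.exe that loads libvlc.dll from an unexpected folder. The sample events, the trusted install directories and the function names are constructed assumptions.

```python
import ntpath

# Assumption: folders where a genuine VLC install is expected on managed hosts.
TRUSTED_DIRS = {r"c:\program files\videolan\vlc",
                r"c:\program files (x86)\videolan\vlc"}

# Constructed Sysmon-style records (Event ID 1 = process create, 7 = image load).
SAMPLE_EVENTS = [
    {"id": 1, "Image": r"C:\Program Files\VideoLAN\VLC\vlc.exe",
     "OriginalFileName": "vlc.exe"},
    {"id": 7, "Image": r"C:\Program Files\VideoLAN\VLC\vlc.exe",
     "ImageLoaded": r"C:\Program Files\VideoLAN\VLC\libvlc.dll", "Signed": "true"},
    {"id": 1, "Image": r"C:\Users\a\Downloads\hr\給与改定.exe",
     "OriginalFileName": "vlc.exe"},
    {"id": 7, "Image": r"C:\Users\a\Downloads\hr\給与改定.exe",
     "ImageLoaded": r"C:\Users\a\Downloads\hr\libvlc.dll", "Signed": "false"},
]

def renamed_host(ev):
    """True for a process whose on-disk name differs from its PE OriginalFileName."""
    return (ev["id"] == 1 and
            ntpath.basename(ev["Image"]).lower() != ev["OriginalFileName"].lower())

def find_sideloading(events):
    """Return (process, dll, reasons) for every suspicious libvlc.dll load."""
    renamed = {ev["Image"].lower() for ev in events if renamed_host(ev)}
    findings = []
    for ev in events:
        if ev["id"] != 7:
            continue
        if ntpath.basename(ev["ImageLoaded"]).lower() != "libvlc.dll":
            continue
        reasons = []
        if ntpath.dirname(ev["ImageLoaded"]).lower() not in TRUSTED_DIRS:
            reasons.append("libvlc.dll loaded from outside the expected install folder")
        if ev.get("Signed", "false").lower() != "true":
            reasons.append("libvlc.dll is unsigned")
        if ev["Image"].lower() in renamed:
            reasons.append("host process is a renamed vlc.exe")
        if reasons:
            findings.append((ev["Image"], ev["ImageLoaded"], reasons))
    return findings

if __name__ == "__main__":
    for proc, dll, reasons in find_sideloading(SAMPLE_EVENTS):
        print(proc, "->", dll, "|", "; ".join(reasons))
```

A portable VLC copy would trigger only the first reason, so alerting on two or more reasons together keeps the rule focused on the pattern described in this campaign.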

For affected organizations, isolating compromised systems and reviewing security logs to determine attacker actions are crucial initial steps. In severe cases, a full operating system reinstall may be necessary.

This campaign underscores the potential for exploitation of trusted software, emphasizing the need for vigilance against small inconsistencies in emails and file properties as ValleyRAT continues to evolve its evasion techniques.

Copyright © 2026 Cyber Web Spider Blog – News.
