Chinese malware on the rise
Since the beginning of 2023, an increase has been observed in suspected Chinese cybercrime activity involving malware distributed via email. Among other things, the Sainbox Remote Access Trojan (RAT), a variant of the commodity Trojan Gh0stRAT, was used. The newly identified ValleyRAT malware was also distributed as part of the activity. The campaigns observed were generally small in scope and mostly targeted global companies with branches in China. Email subject lines and content were commonly written in Chinese and related to invoices, payments, and new products. The users who…