Full Story:Cybercriminals have found a clever way to slip past security defenses by hiding malware inside a program most people trust without a second thought.
Researchers have uncovered a campaign that abuses the popular VLC media player to quietly install ValleyRAT, a remote access trojan that gives attackers full control over infected computers.
The attack starts with something deceptively ordinary: an email. Victims receive a message about personnel transfers or salary changes, complete with a link to download a file.
Once opened, that file sets off a chain of events that ends with a hidden backdoor running silently in memory, invisible to many traditional antivirus tools.
Analysts from LevelBlue identified the campaign while tracking a steady rise in ValleyRAT detections through their Global Security Operations Center.
The malware has been active since 2023, but activity accelerated sharply through 2025 and into 2026, nearly doubling compared to the previous year.
Hackers Use Fake VLC Executable and Malicious libvlc.dll to Deploy ValleyRAT
VLC abuse spreads ValleyRAT via HR-themed emails, running a hidden in-memory backdoor that gives attackers full control of PCs.
cybersecuritynews.com