Check Point Research (CPR) has published a comprehensive analysis of ValleyRAT, a widely distributed backdoor also known as Winos/Winos4.0, revealing its sophisticated modular architecture and dangerous kernel-mode rootkit capabilities.
The research demonstrates how the malware’s developers possess deep expertise in Windows internals and successfully bypass modern security protections on fully updated Windows 11 systems.
The most alarming discovery involves ValleyRAT’s “Driver Plugin,” which embeds a kernel-mode rootkit signed with valid but expired certificates.
https://gbhackers.com/valleyrat-malware-2/