ValleyRAT Malware Evades Windows 11 Security with Stealthy Driver Install
Posted: Sun Dec 14, 2025 8:08 am
Check Point Research (CPR) has published a comprehensive analysis of ValleyRAT, a widely distributed backdoor also known as Winos/Winos4.0, revealing its sophisticated modular architecture and dangerous kernel-mode rootkit capabilities.
The research demonstrates how the malware’s developers possess deep expertise in Windows internals and successfully bypass modern security protections on fully updated Windows 11 systems.
The most alarming discovery involves ValleyRAT’s “Driver Plugin,” which embeds a kernel-mode rootkit signed with valid but expired certificates.
https://gbhackers.com/valleyrat-malware-2/