Improved Version of Valak Malware Targets Enterprises in US, Germany
Recent versions of the Valak malware have been used in attacks targeting Microsoft Exchange servers at organizations in the United States and Germany, Cybereason's Nocturnus research team warns.
Discovered in late 2019, when it was used as a loader for malware such as Ursnif and IcedID, Valak has evolved into a sophisticated piece of malware that can be used as an information stealer, targeting individuals and enterprises alike.
"Our analysis reveals that this time, the payload downloaded by Valak was IcedID. However, the payload can vary, as the attackers can download other payloads to the infected system. In previous infections, Valak downloaded different remote administration tools like putty.exe and NetSupport Manager," Cybereason Nocturnus explains.
The researchers discovered that Valak's relationship with other malware is actually multilateral.
"The extended malware capabilities suggest that Valak can be used independently with or without teaming up with other malware. That being said, it seems as though the threat actor behind Valak is collaborating with other threat actors across the E-Crime ecosystem to create an even more dangerous piece of malware," Cybereason Nocturnus concludes.