Silver Fox Uses Fake Microsoft Teams Installer to Spread ValleyRAT Malware in China

The Silver Fox threat actor is conducting a false flag operation to mimic Russian threat groups while targeting organizations in China. The campaign uses SEO poisoning and fake Microsoft Teams installers as lures to trick users into downloading malicious setup files. The attack results in the deployment of ValleyRAT (also known as Winos 4.0) malware. This represents an active malware distribution campaign with sophisticated social engineering tactics including impersonation of legitimate software and geopolitical false flag operations.