Valak was first observed last year and classified as a loader, and it has since been used in several campaigns, especially in the USA. An investigation in April 2020 found that Valak was primarily used for attacks in the United States.
Primarily Attacks Administrators And Corporate Networks
Exchange server infiltration: Valak collects and steals confidential information from the Microsoft Exchange mail system, including login credentials and the domain certificate.
Comprehensive features and modular architecture: The basic features of Valak can be extended with a number of plug-in components for espionage and data theft. Valak has developed from a simple loader into sophisticated, multi-stage malware that extends its functionality with plugins fetched from its server. The other plugins are evidently also intended primarily for attacks on companies.
Although Valak only appeared last year and was categorized at the time as a simple malware loader by various security analysts, the investigation shows that Valak conceals a much more far-reaching threat. In fact, this is sophisticated modular malware with numerous functions for espionage and data theft.
These advanced malware features indicate that Valak can be used on its own as well as alongside other malware. It should be mentioned that the threat actor responsible for the malware apparently works with like-minded actors within the e-crime ecosystem, with the aim of developing a far more dangerous version of the malware. The attacks with Valak are currently focused on targets in the United States. It is expected that the malware will evolve and grow in popularity among cybercriminals. The cyber teams continuously monitor its development, including whether and when other regions will be affected in the future.