Silver Fox is exploiting a previously unknown vulnerable driver associated with WatchDog Anti-malware to deploy ValleyRAT malware. The group uses a dual-driver strategy to neutralize endpoint protection products, which allows malware deployment and persistence. The attackers have also adapted to a patch by WatchDog, altering a single byte to bypass hash-based blocklists while preserving the driver's valid Microsoft signature.
Latest mentioned: 09-08
Earliest mentioned: 09-02