ClickCease ViperSoftX malware targets Windows users

Join Our Popular Newsletter

Join 4,500+ Linux & Open Source Professionals!

2x a month. No spam.

ViperSoftX malware targets Windows users

May 8, 2023 - TuxCare PR Team

Cybersecurity researchers have issued a warning about ViperSoftX, an information-stealing virus that has infected a large number of people and businesses who use Windows.

According to Trend Micro, the virus was originally discovered in 2020 and employs advanced encryption and anti-analysis tactics such as byte remapping and web browser connection blocking. It employs non-malicious applications such as multimedia editors and system cleanup apps as “carriers” to penetrate its victims’ computers, such as software cracks or key generators.

The virus is a JavaScript-based Remote Access Trojan and bitcoin stealer that became prominent before the end of 2019 and is still active at the time of writing. Before executing its payload, the virus uses AES decryption, converting char arrays, and UTF8 decoding methods to unravel eight levels of code obfuscation.

While ViperSoftX is most commonly seen as a software crack, activator, patcher, or key generator, it also masquerades as multimedia editors, video format converters, cryptocurrency coinminer apps, phone-related desktop apps, and system cleaner apps. These files are used by the attackers as “carriers” for the primary virus, which is encrypted within the overlay.

Right before downloading a first-stage PowerShell loader, which subsequently executes a second-stage PowerShell script, it runs a variety of anti-virtual machine, anti-monitoring, and anti-malware checks. This starts the main procedure, which installs rogue browser extensions to steal passwords and cryptocurrency wallet info.

It then targets common online browsers, and its major command-and-control (C&C) servers used for the second stage download vary on a monthly basis, indicating that the attackers are attempting to avoid detection. It also looks for password managers like KeePass 2 and 1Password.

Don Ovid Ladores, a Trend Micro analyst, stated that the crooks behind ViperSoftX were very proficient at completing a flawless chain for malware execution while remaining under the radar of authorities. Meanwhile, Fortinet, a cybersecurity firm, has detected and blocked highly obfuscated malicious malware in a large OT environment.

The sources for this piece include an article in TheHackerNews.

ViperSoftX malware targets Windows users
Article Name
ViperSoftX malware targets Windows users
Cybersecurity researchers have issued a warning about ViperSoftX, an information-stealing virus that has infected Windows users.
Publisher Name
Publisher Logo

Looking to automate vulnerability patching without kernel reboots, system downtime, or scheduled maintenance windows?

Learn About Live Patching with TuxCare

Become a TuxCare Guest Writer

Get started




Linux & Open Source

Subscribe to
our newsletter