ViperSoftX malware targets Windows users
Cybersecurity researchers have issued a warning about ViperSoftX, an information-stealing malware strain that has infected a large number of individuals and businesses running Windows.
According to Trend Micro, the malware was first discovered in 2020 and employs advanced encryption and anti-analysis tactics such as byte remapping and web browser connection blocking. It uses non-malicious applications such as multimedia editors and system cleanup apps, as well as software cracks and key generators, as “carriers” to get onto its victims’ computers.
The malware is a JavaScript-based Remote Access Trojan and bitcoin stealer that became prominent before the end of 2019 and is still active at the time of writing. Before executing its payload, it unravels eight layers of code obfuscation using AES decryption, character-array conversion, and UTF-8 decoding.
While ViperSoftX is most commonly seen posing as a software crack, activator, patcher, or key generator, it also masquerades as multimedia editors, video format converters, cryptocurrency coinminer apps, phone-related desktop apps, and system cleaner apps. The attackers use these files as “carriers” for the primary malware, which is stored encrypted in the overlay (the data appended after the end of the executable).
Before downloading a first-stage PowerShell loader, which in turn executes a second-stage PowerShell script, it runs a series of anti-virtual-machine, anti-monitoring, and anti-malware checks. The second stage launches the main routine, which installs rogue browser extensions to steal passwords and cryptocurrency wallet information.
It then targets common web browsers, and the main command-and-control (C&C) servers used for the second-stage download change every month, indicating that the attackers are trying to evade detection. It also looks for password managers such as KeePass 2 and 1Password.
Don Ovid Ladores, a Trend Micro analyst, said the crooks behind ViperSoftX were very proficient at completing a flawless malware execution chain while remaining under the radar of authorities. Separately, the cybersecurity firm Fortinet has detected and blocked highly obfuscated malware in a large OT environment.
The sources for this piece include an article in TheHackerNews.