Sophisticated Techniques Implemented by ViperSoftX InfoStealer to Evade Detection


A widespread cryptocurrency- and information-stealing malware called ViperSoftX has affected numerous victims across consumer and enterprise sectors throughout Australia, Japan, the U.S., and India. ViperSoftX is a JavaScript-based Remote Access Trojan (RAT) that allows remote access and control over infected machines. This evasive malware has recently adopted advanced encryption and anti-analysis techniques to avoid detection. ViperSoftX enters systems through software cracks, key generators, and seemingly non-malicious applications that act as carriers. Before deploying its main routine, the malware runs checks to evade virtual machines, monitoring tools, and anti-malware systems. It targets popular web browsers like Chrome, Firefox, and Edge, installing rogue extensions to extract passwords and cryptocurrency wallet data. The malware’s command-and-control servers change frequently to evade detection, and the malware scans for specific password managers.

The enterprise sector has been heavily targeted, accounting for over 40% of the victims. The latest version can also steal passwords from password managers like KeePass 2 and 1Password, possibly exploiting a recent security flaw (CVE-2023-24055) in KeePass. The presence of techniques targeting both cryptocurrencies and passwords suggests the involvement of multiple groups in the ViperSoftX campaign. The operators demonstrate high-level skills in executing malware seamlessly, which underscores the importance of avoiding unofficial and free sources when downloading software.

To avoid malware like ViperSoftX, be cautious with email attachments and links, use official download channels, activate and update software from legitimate sources, install reputable security software, and regularly scan your system. Back up important files and use reputable malware removal tools if needed. Stay informed about the cryptocurrency wallets ViperSoftX targets and about its latest developments, such as infecting browsers with the malicious extension VenomSoftX. By following these steps, you can protect yourself against this malware and other similar threats.