
ViperSoftX Upgraded with Sophisticated Anti-Detection Techniques

ViperSoftX, a cryptocurrency- and information-stealing malware, which has been around since 2020, has undergone a major change to improve its anti-detection capabilities. In November 2022, the operators released a new version of the malware that was capable of loading a custom malicious browser extension to Chromium-based browsers installed on infected systems.

ViperSoftX’s latest version

Trend Micro researchers note that the latest version of ViperSoftX has been updated with an encryption scheme that makes the shellcode harder for analysts to decrypt and analyze.
  • It uses a byte mapping process: each byte of the shellcode has to be placed back in its correct location according to a map that depends on a specific DLL, so the shellcode cannot be decrypted unless that exact DLL is present on the infected system.
  • Besides the shellcode, all the strings, binaries, and other relevant data within ViperSoftX are encrypted with the same byte mapping process.
  • Unlike the previous version, which arrived as a software crack, an activator, or a patcher, the new version masquerades as a fake software update for multimedia editors, video format converters, or cryptocurrency apps.
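The following is an added illustration of the byte mapping idea described above, not code from ViperSoftX or from the Trend Micro analysis. It models the property the write-up describes: the shellcode is stored with its bytes scattered, and the map that returns each byte to its correct location is derived from the contents of a specific DLL, so a loader with the wrong DLL rebuilds garbage. The map derivation used here (a shuffle seeded from the DLL's SHA-256), the sample shellcode and both DLL images are assumptions constructed for the example and say nothing about the malware's real algorithm.

```python
"""Illustrative byte-mapping decryption keyed on a DLL (added example).

Not ViperSoftX's code. The derivation (shuffle seeded from SHA-256 of the
key file) is an assumption chosen for the demonstration; the real malware's
mapping function is not described on this page.
"""
import hashlib
import random

# Constructed sample inputs, not captured from a real infection.
SAMPLE_SHELLCODE = bytes.fromhex(
    "554889e54883ec20488d0d00000000e8000000004831c0c9c3"  # 25 bytes
) * 3
RIGHT_DLL = b"MZ\x90\x00" + b"\x00" * 60 + b"PE\x00\x00" + b"A" * 64
WRONG_DLL = b"MZ\x90\x00" + b"\x00" * 60 + b"PE\x00\x00" + b"B" * 64


def position_map(key_file: bytes, length: int) -> list[int]:
    """Derive a permutation of [0, length) from the key file's contents.

    perm[i] is the location at which original byte i was stored.
    """
    seed = int.from_bytes(hashlib.sha256(key_file).digest(), "big")
    rng = random.Random(seed)  # deterministic for the same DLL bytes
    perm = list(range(length))
    rng.shuffle(perm)
    return perm


def scatter(shellcode: bytes, key_file: bytes) -> bytes:
    """Packer side: put each byte at the position the map dictates."""
    perm = position_map(key_file, len(shellcode))
    blob = bytearray(len(shellcode))
    for src, dst in enumerate(perm):
        blob[dst] = shellcode[src]
    return bytes(blob)


def gather(blob: bytes, key_file: bytes) -> bytes:
    """Loader side: pull each byte back from its mapped position."""
    perm = position_map(key_file, len(blob))
    shellcode = bytearray(len(blob))
    for src, dst in enumerate(perm):
        shellcode[src] = blob[dst]
    return bytes(shellcode)


def demo() -> dict:
    """Scatter once, then try to gather with the right and a wrong DLL."""
    blob = scatter(SAMPLE_SHELLCODE, RIGHT_DLL)
    return {
        # a positional map only moves bytes, so the histogram is unchanged
        "bytes_preserved": sorted(blob) == sorted(SAMPLE_SHELLCODE),
        "right_dll_recovers": gather(blob, RIGHT_DLL) == SAMPLE_SHELLCODE,
        "wrong_dll_recovers": gather(blob, WRONG_DLL) == SAMPLE_SHELLCODE,
    }


if __name__ == "__main__":
    print(demo())
```

The "bytes_preserved" result is the analyst's angle on this: a pure positional map is a transposition, so the scattered blob keeps the same byte histogram as the shellcode, and string or opcode frequency statistics survive even though nothing is readable until the right DLL is on disk. For an analyst the practical consequence is the one the article states: the sample has to be run or emulated with the DLL it expects, not just carved from memory.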

On the target

  • A significant number of victims across Australia, Japan, the U.S., India, Taiwan, Malaysia, France, Italy, and Pakistan are affected by ViperSoftX. 
  • The enterprise sector made up over 40% of the total number of affected victims.

Other findings

  • The latest version of the info-stealer can steal passwords from two password managers, KeePass 2 and 1Password.
  • It is speculated that the operators abused a recent KeePass issue (CVE-2023-24055) to dump stored passwords in plain text. That issue, which the KeePass maintainers dispute as a vulnerability, lets anyone who can already write to the KeePass configuration file add a trigger that exports the open database in clear text, so it still requires a foothold on the machine.
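Because the CVE-2023-24055 abuse relies on a trigger written into KeePass.config.xml, the check a defender wants is a listing of every configured trigger, with export-like actions flagged. The script below is an added example, not part of the Trend Micro write-up and not a KeePass component. It assumes the element layout Configuration/Application/TriggerSystem/Triggers/Trigger with Name and Actions/Action/Parameters/Parameter children, which is how KeePass 2.x configuration files are laid out as far as the editor knows but may differ between versions; the sample configuration is constructed for the example, not a real capture.

```python
"""Added check: enumerate triggers in a KeePass 2.x configuration file.

Not from the Trend Micro analysis. The element names are an assumption
based on KeePass 2.x config files; the sample below is constructed.
"""
import xml.etree.ElementTree as ET

# Constructed sample: one trigger whose action exports the database to a file.
SAMPLE_CONFIG = """<Configuration>
  <Application>
    <TriggerSystem>
      <Enabled>true</Enabled>
      <Triggers>
        <Trigger>
          <Name>Backup</Name>
          <Events>
            <Event>
              <Parameters><Parameter /></Parameters>
            </Event>
          </Events>
          <Conditions />
          <Actions>
            <Action>
              <Parameters>
                <Parameter>KeePass XML (2.x)</Parameter>
                <Parameter>C:\\Users\\Public\\Libraries\\db.xml</Parameter>
              </Parameters>
            </Action>
          </Actions>
        </Trigger>
      </Triggers>
    </TriggerSystem>
  </Application>
</Configuration>
"""

# Substrings that suggest a clear-text export target in an action parameter.
EXPORT_HINTS = ("keepass xml", "keepass csv", ".xml", ".csv", ".html", ".txt")


def audit_triggers(config_xml: str) -> list[dict]:
    """Return one finding per configured trigger, flagging export-like ones."""
    root = ET.fromstring(config_xml)
    system = root.find("./Application/TriggerSystem")
    if system is None:
        return []
    enabled = (system.findtext("Enabled") or "").strip().lower() == "true"
    findings = []
    for trigger in system.iterfind("./Triggers/Trigger"):
        params = [
            (p.text or "").strip()
            for p in trigger.iterfind("./Actions/Action/Parameters/Parameter")
        ]
        hits = [p for p in params if any(h in p.lower() for h in EXPORT_HINTS)]
        findings.append({
            "name": trigger.findtext("Name") or "<unnamed>",
            "system_enabled": enabled,
            "parameters": params,
            "export_like": bool(hits),
        })
    return findings


if __name__ == "__main__":
    for finding in audit_triggers(SAMPLE_CONFIG):
        flag = "EXPORT?" if finding["export_like"] else "review"
        print(f"[{flag}] {finding['name']}: {finding['parameters']}")
```

Any trigger at all is worth a look on a machine whose users never created one, which is why every trigger is reported and only the export-looking ones get the extra flag. KeePass documents an enforced configuration file (KeePass.config.enforced.xml) through which an administrator can switch the trigger system off; where that is in place, a trigger showing up in the user's config is a stronger signal.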

Conclusion

The simultaneous use of techniques to steal cryptocurrencies and passwords indicates that at least two groups are involved in the latest ViperSoftX campaign. Moreover, the addition of new evasion techniques shows that the operators are skilled enough to run the malware unnoticed throughout the attack chain. Users are therefore advised not to download software from unofficial or free download sites and to rely on official sources instead.
Publisher: Cyware