ViperSoftX malware reemerged with new malicious capabilities

May 10, 2023
ViperSoftX Malware Financial Trojan Password Stealer Detection Evasion

ViperSoftX, the cryptocurrency-stealing infostealer first observed in 2020, has reemerged with upgrades that improve its ability to evade detection. The malware's developers reportedly released the new version last year.

The latest version can load a custom browser extension into Chromium-based browsers installed on compromised systems.


ViperSoftX has also updated the encryption it uses to protect its own components from inspection.

According to the investigation, the developers added a sophisticated encryption scheme to the latest version that makes decrypting and analysing the shellcode considerably harder for researchers.

In addition, the upgraded malware uses a byte-mapping technique: an encryption scheme in which each byte is remapped and placed at a precise location, so that the shellcode cannot be decrypted unless the required DLL is present.

The same byte-mapping process is applied to ViperSoftX's other relevant data as well, including shellcode, binaries, and strings.
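To illustrate what a byte-mapping scheme of this kind looks like, the following Python model is an added example and not ViperSoftX's actual code or algorithm, which is not published here. It assumes a key-derived 256-entry value table plus a position permutation standing in for the mapping that the required DLL would supply; the key name, function names, and the sample payload are all constructed for the demo. It also shows a property worth knowing on the defence side: because each step is a bijection, the encoded blob keeps exactly the byte-frequency profile (and therefore the entropy) of the plaintext, unlike output from a genuine cipher.

```python
# Toy byte-mapping encoder/decoder (constructed illustration, not ViperSoftX's scheme).
import hashlib
import math
from collections import Counter
from itertools import count


def keystream(key: bytes):
    """Deterministic stream of 32-bit integers from the key (SHA-256 in counter mode)."""
    for i in count():
        digest = hashlib.sha256(key + i.to_bytes(8, "little")).digest()
        for off in range(0, 32, 4):
            yield int.from_bytes(digest[off:off + 4], "little")


def derive_permutation(key: bytes, n: int, label: bytes) -> list:
    """Fisher-Yates shuffle of range(n) driven by the key; `label` separates the two tables.
    In this model the tables stand in for the mapping the 'required DLL' would carry."""
    perm = list(range(n))
    rnd = keystream(label + key)
    for i in range(n - 1, 0, -1):
        j = next(rnd) % (i + 1)
        perm[i], perm[j] = perm[j], perm[i]
    return perm


def invert(perm: list) -> list:
    """Inverse of a permutation given as a list."""
    inv = [0] * len(perm)
    for i, p in enumerate(perm):
        inv[p] = i
    return inv


def encode(payload: bytes, key: bytes) -> bytes:
    """Map every byte value through the 256-entry table, then place each mapped byte
    at a key-determined position ("the proper byte in the precise location")."""
    value_map = derive_permutation(key, 256, b"value")
    place_map = derive_permutation(key, len(payload), b"place")
    out = bytearray(len(payload))
    for i, b in enumerate(payload):
        out[place_map[i]] = value_map[b]
    return bytes(out)


def decode(blob: bytes, key: bytes) -> bytes:
    """Reverse both mappings. With a different key both tables are wrong and the
    result is noise rather than the original shellcode."""
    value_unmap = invert(derive_permutation(key, 256, b"value"))
    place_map = derive_permutation(key, len(blob), b"place")
    return bytes(value_unmap[blob[place_map[i]]] for i in range(len(blob)))


def shannon_entropy(data: bytes) -> float:
    """Bits per byte. A bijective byte map only relabels the value histogram,
    so the entropy of encode(payload) equals that of payload."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0


# Constructed sample input: a stand-in for a shellcode blob, not real malware bytes.
SAMPLE_PAYLOAD = b"\x55\x48\x89\xe5" + b"stand-in shellcode for the demo " * 4 + b"\xc3"
SAMPLE_KEY = b"mapping-dll-stand-in"  # assumed key; the DLL would carry the real tables


if __name__ == "__main__":
    blob = encode(SAMPLE_PAYLOAD, SAMPLE_KEY)
    print("round trip with correct key:", decode(blob, SAMPLE_KEY) == SAMPLE_PAYLOAD)
    print("round trip with wrong key  :", decode(blob, b"wrong-dll") == SAMPLE_PAYLOAD)
    print("entropy plain / encoded: %.3f / %.3f"
          % (shannon_entropy(SAMPLE_PAYLOAD), shannon_entropy(blob)))
```

The practical consequence for analysts is the one the article describes: without the component that carries the tables, the blob cannot be decoded, and a static string search over the dropped file finds nothing. The equal-entropy property is the flip side: a "compressed or encrypted" section whose byte histogram still looks like code or text is a hint that a bijective remap, not a real cipher, is in play.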

The threat actors built the new version to pose as a software update for video format converters, cryptocurrency applications, and multimedia editors. This is one of the most significant changes in the new version, since the previous strain posed only as a software crack, patcher, or activator.

ViperSoftX has infected several victims from countries such as France, Australia, India, Malaysia, Taiwan, Italy, Pakistan, Japan, and the United States.

Further investigation also confirmed that the infostealer includes standard capabilities such as stealing credentials from password managers, including 1Password and KeePass 2. Some researchers believe the operators also exploit a recently disclosed KeePass vulnerability to dump stored passwords in plaintext.

Cybersecurity experts also suggest that more than one threat group may be using ViperSoftX, since two distinct sets of techniques are involved in deploying the malware.

Furthermore, the addition of new obfuscation tactics shows how the operators can adapt the malware's execution across different attack chains.

Organisations and users should avoid downloading software and apps from unknown or unverified sources, since threat actors typically distribute their payloads through such unsecured platforms.
