"ViperSoftX InfoStealer Adopts Sophisticated Techniques to Avoid Detection"

Many consumers and businesses in Australia, Japan, the US, and India have been infected with the evasive information-stealing malware ViperSoftX. ViperSoftX was first discovered in 2020, and in November 2022, the cybersecurity company Avast described a campaign in which the malware distributed a malicious Google Chrome extension capable of stealing cryptocurrencies from wallet applications. A new analysis by Trend Micro reveals that the malware now uses more sophisticated encryption and basic anti-analysis techniques, such as byte remapping and web browser communication blocking. The vector of entry for ViperSoftX is typically a software crack or a key generator (keygen), but it also uses non-malicious applications such as multimedia editors and system cleaners as "carriers." Before downloading the first-stage PowerShell loader, the malware performs a series of anti-virtual machine, anti-monitoring, and anti-malware checks. The loader then decrypts and initiates a second-stage PowerShell script retrieved from a remote server, which launches the primary routine responsible for installing malicious browser extensions to exfiltrate passwords and cryptocurrency wallet data. This article continues to discuss researchers' findings and observations regarding the ViperSoftX information-stealing malware.

THN reports "ViperSoftX InfoStealer Adopts Sophisticated Techniques to Avoid Detection"
