New versions of already active malware target 1Password (in our opinion the best password manager for families) and KeePass.
ViperSoftX is already an infostealer targeting cryptocurrency wallets, but it’s not just targeting Google Chrome, it’s attacking multiple web browsers and password managers, as well as many more cryptocurrency wallets.
It also has enhanced code encryption to evade detection by antivirus tools.
new version ViperSoftX Can Install Malicious Chrome Extension VenomSoftX, Security Researchers Say TrendMicro (opens in new tab) Microsoft Edge, Mozilla Firefox, Opera and Brave.
This malware was first discovered in 2020 using a JavaScript-based RAT (Remote Access Trojan) to steal cryptocurrencies. However, by 2022, Avast (opens in new tab) The cybersecurity vendor claims to have stopped nearly 100,000 malware attacks on its customers for most of the last year, and has found significant progress in its capabilities. , Brazil, and India.
But now ViperSoftX is expanding its global reach, with Trend Micro detecting even more prominent activity in Australia, Japan, Taiwan, Malaysia, and France. Businesses and consumers alike are being targeted. Analysts have found that malware is often hidden in software cracks and activators.
In addition to now attacking more cryptocurrency wallets, the latest version of ViperSoftX, by Trend Micro, scrutinizes files related to 1Password and KeePass and attempts to steal data related to their browser extensions. It turned out that
An exploit tracked as CVE-2023-24055 allows exporting stored passwords to plain text files, and Trend Micro has now found evidence of this being used by ViperSoftX.
But it told BleepingComputer (opens in new tab) Later in the attack, the malware can steal the user’s vault, extracting data from the victim’s system and sending it to the attacker.
More worryingly, the new ViperSoftX uses DLL sideloading to falsely identify itself as a trusted process and remain undetected by security software. It also checks for the presence of monitoring tools such as VMWare and Process Monitor and antivirus software such as Windows Defender and ESET on the system before starting the process.
It also uses byte mapping. This is a technique that makes decryption very difficult without the correct map to encrypt the code.