ViperSoftX Malware Disguises as eBooks on Torrents to Spread Stealthy Attacks
2024-07-10 05:35

The sophisticated malware known as ViperSoftX has been observed being distributed as eBooks over torrents.

"A notable aspect of the current variant of ViperSoftX is that it uses the Common Language Runtime to dynamically load and run PowerShell commands, thereby creating a PowerShell environment within AutoIt for operations," Trellix security researchers Mathanraj Thangaraju and Sijo Jacob said.

"By utilizing CLR, ViperSoftX can seamlessly integrate PowerShell functionality, allowing it to execute malicious functions while evading detection mechanisms that might otherwise flag standalone PowerShell activity."

As recently as May 2024, malicious campaigns have leveraged ViperSoftX as a delivery vehicle to distribute Quasar RAT and another information stealer named TesseractStealer.

ViperSoftX harvests system information, scans for cryptocurrency wallets via browser extensions, captures clipboard contents, and dynamically downloads and runs additional payloads and commands based on responses received from a remote server.

"One of the hallmark features of ViperSoftX is its adept use of the Common Language Runtime to orchestrate PowerShell operations within the AutoIt environment," the researchers said.
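The technique the researchers describe, PowerShell run through the CLR inside an AutoIt process, still requires the PowerShell engine assembly to be loaded into that process, which gives defenders an observable that does not depend on `powershell.exe` starting. The detection logic below is an added example, not code from the Trellix report; the event shape (modelled on Sysmon Event ID 7 image-load fields), the host allowlist and the sample events are assumptions constructed for illustration.

```python
from pathlib import PureWindowsPath

# The PowerShell engine assembly and its native-image form. Any CLR host
# that runs PowerShell commands in-process has to load one of these.
ENGINE_DLLS = {"system.management.automation.dll",
               "system.management.automation.ni.dll"}

# Processes expected to host the engine (assumed allowlist; legitimate
# management tools that embed PowerShell must be added per environment).
EXPECTED_HOSTS = {"powershell.exe", "pwsh.exe", "powershell_ise.exe"}

def _name(path):
    """Lower-cased file name of a Windows path, independent of the local OS."""
    return PureWindowsPath(path).name.lower()

def unexpected_powershell_hosts(events):
    """Return one finding per (host, pid) that loaded the engine outside the allowlist."""
    findings = {}
    for ev in events:
        if ev.get("EventID") != 7:          # only image-load events
            continue
        if _name(ev.get("ImageLoaded", "")) not in ENGINE_DLLS:
            continue
        host = _name(ev.get("Image", ""))
        if host in EXPECTED_HOSTS:
            continue
        key = (host, ev.get("ProcessId"))   # de-duplicate repeated loads
        findings.setdefault(key, {"host": host, "pid": ev.get("ProcessId"),
                                  "image": ev.get("Image"),
                                  "first_seen": ev.get("UtcTime")})
    return list(findings.values())

# Constructed sample events (paths, PIDs and times are invented, not from the report).
GAC = r"C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation"
SAMPLE_EVENTS = [
    {"EventID": 7, "ProcessId": 812, "UtcTime": "2024-07-10 05:01:00",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ImageLoaded": GAC + r"\System.Management.Automation.dll"},
    {"EventID": 7, "ProcessId": 4120, "UtcTime": "2024-07-10 05:02:10",
     "Image": r"C:\Users\user\AppData\Local\Temp\example\AutoIt3.exe",
     "ImageLoaded": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll"},
    {"EventID": 7, "ProcessId": 4120, "UtcTime": "2024-07-10 05:02:11",
     "Image": r"C:\Users\user\AppData\Local\Temp\example\AutoIt3.exe",
     "ImageLoaded": GAC + r"\System.Management.Automation.dll"},
    {"EventID": 7, "ProcessId": 4120, "UtcTime": "2024-07-10 05:02:12",
     "Image": r"C:\Users\user\AppData\Local\Temp\example\AutoIt3.exe",
     "ImageLoaded": r"C:\Windows\assembly\NativeImages\System.Management.Automation.ni.dll"},
]

if __name__ == "__main__":
    for finding in unexpected_powershell_hosts(SAMPLE_EVENTS):
        print(finding)
```

Because some legitimate software embeds the PowerShell engine, a finding is a lead for triage (host path, parent process, signer) rather than a verdict.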


News URL

https://thehackernews.com/2024/07/vipersoftx-malware-disguises-as-ebooks.html