ViperSoftX Malware Disguises as eBooks on Torrents to Spread Stealthy Attacks
The sophisticated malware known as ViperSoftX has been observed being distributed as eBooks over torrents.
"A notable aspect of the current variant of ViperSoftX is that it uses the Common Language Runtime to dynamically load and run PowerShell commands, thereby creating a PowerShell environment within AutoIt for operations," Trellix security researchers Mathanraj Thangaraju and Sijo Jacob said.
"By utilizing CLR, ViperSoftX can seamlessly integrate PowerShell functionality, allowing it to execute malicious functions while evading detection mechanisms that might otherwise flag standalone PowerShell activity."
As recently as May 2024, malicious campaigns have leveraged ViperSoftX as a delivery vehicle to distribute Quasar RAT and another information stealer named TesseractStealer.
ViperSoftX harvests system information, scans for cryptocurrency wallets via browser extensions, captures clipboard contents, and dynamically downloads and runs additional payloads and commands based on responses received from a remote server.
"One of the hallmark features of ViperSoftX is its adept use of the Common Language Runtime to orchestrate PowerShell operations within the AutoIt environment," the researchers said.
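Because the PowerShell engine is hosted inside the AutoIt process rather than started as powershell.exe, one defender-side check is to look for the engine assembly being loaded by an unexpected host. The following is an added example, not code from the article or from Trellix: it assumes image-load telemetry with Sysmon Event ID 7 field names (`Image`, `ImageLoaded`), and the allowlist and sample events are constructed for illustration.

```python
import ntpath
import re

# PowerShell engine assembly, including its native-image (.ni) form.
ENGINE_DLL = re.compile(r"^system\.management\.automation(\.ni)?\.dll$", re.I)

# Assumed allowlist of expected PowerShell hosts; tune it per environment.
EXPECTED_HOSTS = {"powershell.exe", "pwsh.exe", "powershell_ise.exe",
                  "wsmprovhost.exe"}

GAC = ("C:\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\"
       "System.Management.Automation\\constructed\\"
       "System.Management.Automation.dll")

# Constructed sample events shaped like Sysmon Event ID 7 (ImageLoad).
SAMPLE_EVENTS = [
    {"EventID": 7, "ProcessId": 4120, "ImageLoaded": GAC,
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"},
    {"EventID": 7, "ProcessId": 5532, "ImageLoaded": GAC,
     "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\ebook\\AutoIt3.exe"},
    {"EventID": 7, "ProcessId": 5532,
     "ImageLoaded": "C:\\Windows\\System32\\kernel32.dll",
     "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\ebook\\AutoIt3.exe"},
    {"EventID": 7, "ProcessId": 6010,
     "ImageLoaded": "C:\\Windows\\assembly\\NativeImages\\constructed\\"
                    "System.Management.Automation.ni.dll",
     "Image": "C:\\Users\\user\\Downloads\\AutoIt3.exe"},
    {"EventID": 1, "ProcessId": 7000, "Image": "C:\\Windows\\explorer.exe"},
]


def unexpected_powershell_hosts(events, expected=EXPECTED_HOSTS):
    """Return (pid, host) for processes that load the PowerShell engine
    assembly but are not on the list of expected PowerShell hosts."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 7:
            continue  # only image-load events carry ImageLoaded
        dll = ntpath.basename(ev.get("ImageLoaded", ""))
        host = ntpath.basename(ev.get("Image", "")).lower()
        if ENGINE_DLL.match(dll) and host not in expected:
            hits.append((ev.get("ProcessId"), host))
    return hits


if __name__ == "__main__":
    for pid, host in unexpected_powershell_hosts(SAMPLE_EVENTS):
        print(f"PowerShell engine loaded by unexpected host: {host} (pid {pid})")
```

Legitimate management tools also host the PowerShell engine, so baseline the hosts seen in an environment before alerting on this.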
News URL
https://thehackernews.com/2024/07/vipersoftx-malware-disguises-as-ebooks.html