Avast experts have discovered malware that steals information from users of Windows systems.
We’ve been closely monitoring an information stealer called ViperSoftX.
They named the USA, India, Italy and Brazil among the most affected countries.
This multi-stage stealer exhibits interesting hiding capabilities, concealed as small PowerShell scripts on a single line in the middle of otherwise innocent-looking large log files, among others. ViperSoftX focuses on stealing cryptocurrencies, clipboard swapping, fingerprinting the infected machine, as well as downloading and executing arbitrary additional payloads, or executing commands.
One of the payloads ViperSoftX distributes is a specific information stealer in the form of a browser extension for Chromium-based browsers. Due to its standalone capabilities and uniqueness, we decided to give it its own name, VenomSoftX. The malicious extension provides full access to every page the victim visits, carries out man-in-the-browser attacks to perform cryptocurrency address swapping by tampering with API requests’ data on popular cryptocurrency exchanges, steals credentials and clipboard content, tampers with crypto addresses on visited websites, reports events using MQTT to the C&C server, and more.
ViperSoftX is mostly spread via cracked software such as Adobe Illustrator, Corel Video Studio, Microsoft Office, and more, commonly distributed over torrents.
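The hiding trick described above (a one-line PowerShell script buried inside a large, otherwise ordinary log file) is something a defender can hunt for. The following scanner is an added example and not code from the Avast article; the marker list is my own assumption of typical PowerShell tokens, and the sample log is constructed with a harmless stand-in line.

```python
import re
import sys
from typing import List, Tuple

# Assumed indicators of PowerShell content; not taken from the article.
POWERSHELL_MARKERS = re.compile(
    r"(Invoke-Expression|\bIEX\b|FromBase64String|New-Object\b|-EncodedCommand|"
    r"\[System\.|\$\w+\s*=|Start-Process|DownloadString)",
    re.IGNORECASE,
)

# Constructed sample: normal log lines plus one line carrying PowerShell-style
# text. The script only decodes the base64 for "ABC"; it is a harmless stand-in.
SAMPLE_LOG = "\n".join([
    "2023-01-10 09:14:02 INFO  service started",
    "2023-01-10 09:14:05 INFO  cache warmed (1200 entries)",
    "2023-01-10 09:14:07 WARN  retrying connection to db01",
    "2023-01-10 09:14:09 INFO  " + "." * 200 + " $s = [Convert]::FromBase64String('QUJD'); "
    "Invoke-Expression ([System.Text.Encoding]::UTF8.GetString($s))",
    "2023-01-10 09:14:11 INFO  request handled in 12ms",
])


def suspicious_lines(log_text: str, min_hits: int = 2) -> List[Tuple[int, int, float]]:
    """Return (line_no, marker_hits, length_ratio) for lines containing at least
    min_hits PowerShell markers. length_ratio is the line length relative to the
    file's median line length, useful for triage (a log line stuffed with a
    script is usually far longer than its neighbours)."""
    lines = log_text.splitlines()
    lengths = sorted(len(line) for line in lines)
    median = lengths[len(lengths) // 2] if lengths else 1
    findings = []
    for line_no, line in enumerate(lines, start=1):
        hits = len(POWERSHELL_MARKERS.findall(line))
        if hits >= min_hits:
            findings.append((line_no, hits, round(len(line) / max(median, 1), 1)))
    return findings


if __name__ == "__main__":
    # Scan a file given on the command line, or the constructed sample by default.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for line_no, hits, ratio in suspicious_lines(text):
        print(f"line {line_no}: {hits} PowerShell markers, {ratio}x median line length")
```

Run it over real log directories and treat any hit as a lead to inspect, not a verdict; tune the marker list and threshold to your environment.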
https://decoded.avast.io/janrubin/vipersoftx-hiding-in-system-logs-and-spreading-venomsoftx/
What are we seeing? Again, Windows systems and the Chrome browser. Everyone is strongly advised to start studying Linux systems and not to trust this browser and, even more, the various extensions that supposedly simplify work on the Internet.