Password Managers Targeted by ViperSoftX Malware
Cybersecurity researchers at Trend Micro have discovered a new version of the ViperSoftX information-stealing malware with a broader range of targets, including the password managers KeePass and 1Password. The malware has been previously known to steal data from infected devices and install a malicious extension named VenomSoftX on the Chrome browser. However, the targeted browsers now also include Brave, Edge, Opera, and Firefox.
Notably, the malware now searches for files linked with the browser extensions of 1Password and KeePass password managers, with the intent to steal the stored data. However, it isn’t entirely clear at this point how the malware would achieve this. Trend Micro told Bleeping Computer that it believes that if password managers are detected, the threat actors could breach them with yet-to-be-seen methods in later stages of the attack.
ViperSoftX can also steal from more cryptocurrency wallets than before. Targeted wallets include Blockchain, Binance, Kraken, eToro, Coinbase, Gate.io, Bitcoin, Delta, Exodus, Coin98, Coinbase, MetaMask, Enkrypt, and many more.
This latest iteration of ViperSoftX features strong anti-detection, anti-analysis, and stealth-boosting features, including DLL sideloading, byte mapping to encrypt its code, and a new communication blocker on web browsers to make C2 infrastructure analysis and malicious traffic detection harder.
To safeguard against these kinds of attacks, it’s advised to avoid downloading illegal software cracks, activators, or key generators. They commonly contain various dangerous malware — not just ViperSoftX.