We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 as an independent site reviewing VPN services and covering privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize the independent, professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 as an independent site reviewing VPN services and covering privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize the independent, professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Password Managers Targeted by ViperSoftX Malware

Password Managers Targeted by ViperSoftX Malware
Keira Waddell Published on 2nd May 2023 Senior Writer

Cybersecurity researchers at Trend Micro have discovered a new version of the ViperSoftX information-stealing malware with a broader range of targets, including the password managers KeePass and 1Password. The malware has been previously known to steal data from infected devices and install a malicious extension named VenomSoftX on the Chrome browser. However, the targeted browsers now also include Brave, Edge, Opera, and Firefox.

ViperSoftX was initially discovered in 2020 as a JavaScript-based remote access trojan and crypto hijacker. However, a stronger version was reported by Avast in November 2022. The malware typically arrives alongside software cracks, activators, or key generators, hiding within seemingly harmless software. Trend Micro reports that ViperSoftX targets both the consumer and enterprise sectors, with over 50% of the detected activity occurring in Australia, Japan, the US, India, Malaysia, Taiwan, Italy, and France.

Notably, the malware now searches for files linked with the browser extensions of 1Password and KeePass password managers, with the intent to steal the stored data. However, it isn’t entirely clear at this point how the malware would achieve this. Trend Micro told Bleeping Computer that it believes that if password managers are detected, the threat actors could breach them with yet-to-be-seen methods in later stages of the attack.

ViperSoftX can also steal from more cryptocurrency wallets than before. Targeted wallets include Blockchain, Binance, Kraken, eToro, Coinbase, Gate.io, Bitcoin, Delta, Exodus, Coin98, Coinbase, MetaMask, Enkrypt, and many more.

This latest iteration of ViperSoftX features strong anti-detection, anti-analysis, and stealth-boosting features, including DLL sideloading, byte mapping to encrypt its code, and a new communication blocker on web browsers to make C2 infrastructure analysis and malicious traffic detection harder.

To safeguard against these kinds of attacks, it’s advised to avoid downloading illegal software cracks, activators, or key generators. They commonly contain various dangerous malware — not just ViperSoftX.

About the Author

Keira is an experienced cybersecurity and tech writer dedicated to providing comprehensive insights on VPNs, online privacy, and internet censorship.