In a concerning development in cybersecurity, researchers have uncovered a new tactic employed by the ViperSoftX malware: using eBooks as a camouflage for its malicious operations. Trellix security experts Mathanraj Thangaraju and Sijo Jacob revealed that ViperSoftX leverages the Common Language Runtime (CLR) to integrate PowerShell commands within AutoIt scripts, allowing it to execute stealthy attacks that bypass conventional detection methods. Originally flagged by Fortinet in 2020, ViperSoftX has gained notoriety for its ability to steal sensitive data from compromised Windows systems. Trend Micro’s findings in April 2023 documented its sophisticated evasion techniques, including byte remapping and blocking browser communications.
Recent instances indicate that ViperSoftX has been involved in distributing other malware such as Quasar RAT and TesseractStealer. The malware’s distribution method has expanded to include eBooks shared through torrent networks, marking a shift from traditional vectors like cracked software. Victims unwittingly download these infected eBooks, initiating a multi-stage infection process. This includes executing a deceptive Windows shortcut that ultimately deploys the AutoIt script embedded with PowerShell capabilities via CLR integration.
ViperSoftX’s functionality extends to harvesting system information, scanning for cryptocurrency wallets, and dynamically downloading additional payloads based on commands from a remote server. It also incorporates self-deletion mechanisms to evade detection once its malicious activities are underway. This evolution underscores the relentless innovation of cyber threat actors in circumventing cybersecurity measures, posing significant challenges for defenders striving to protect against sophisticated malware campaigns.
As cybersecurity threats continue to evolve, experts emphasize the importance of vigilance in software downloads and updates, along with robust security practices to mitigate the risks posed by such advanced malware like ViperSoftX. The use of eBooks as a delivery method underscores the adaptability of cybercriminals, necessitating ongoing advancements in detection and response capabilities to safeguard against these evolving threats.
Reference:
