ViperSoftX, a versatile malware strain, has evolved to target cryptocurrency information using the Tesseract OCR engine. This advancement allows the malware to extract text from images on infected systems, particularly focusing on sensitive data like passwords and cryptocurrency wallet addresses. Additionally, the malware is now capable of deploying other malicious strains such as Quasar RAT and TesseractStealer.
Attackers are leveraging ViperSoftX’s enhanced functionalities to execute remote commands, steal information, and deploy additional malware. Avast and Trend Micro have identified updated routines within the malware, showcasing its continuous evolution and sophistication. Furthermore, recent cases have seen ViperSoftX employing Tor for anonymized communication, emphasizing the attackers’ efforts to conceal their activities.
Quasar RAT, distributed through ViperSoftX since July 2023, grants attackers remote access to compromised systems, enabling various malicious activities including keylogging and credential collection. The use of TesseractStealer, an infostealer deployed alongside Quasar RAT, demonstrates a concerted effort to extract sensitive information from compromised systems, particularly targeting cryptocurrency-related data. The integration of the Tesseract library for OCR underscores the attackers’ focus on capturing screenshots containing valuable information for cryptocurrency theft.