Cybersecurity company Trend Micro recently released a detailed report on the new version of ViperSoftX, a malware that now targets a wider range of cryptocurrency wallets and popular password managers. The latest version features stronger code encryption and functions to avoid detection by security software.
ViperSoftX is malicious software that steals information from infected computers. It was first documented in 2020 as a JavaScript-based remote access Trojan capable of stealing victims’ cryptocurrency.
Previous studies have shown that ViperSoftX can install a malicious extension called VenomSoftX in Chromium browsers. The latest version now targets Brave, Edge, Opera, and Firefox browsers as well.
According to an earlier report, Avast detected and stopped about 90,000 ViperSoftX attacks against its customers, mainly in the USA, Italy, Brazil, and India, from January to November 2022. Trend Micro has reported that ViperSoftX is now targeting both the consumer and corporate sectors, with Australia, Japan, the USA, India, Taiwan, Malaysia, France, and Italy accounting for the majority of detected malicious activity.
The malware is typically spread through harmless-looking software, such as cracks, activators, or key generators. In the latest version, Trend Micro noticed advanced functionality that can steal cryptocurrency from wallets such as Armory, Atomic Wallet, Binance, Bitcoin, Blockstream Green, Coinomi, Delta, Electrum, Exodus, Guarda, Jaxx Liberty, Ledger Live, Trezor Bridge, Coin98, Coinbase, MetaMask, and Enkrypt.
What’s particularly interesting is that ViperSoftX now checks for files related to the popular password managers 1Password and KeePass in an attempt to steal data stored in the browser extensions of these services.
The new version of ViperSoftX also implements several functions to evade detection and increase stealth, such as using DLL sideloading to carry out its malicious activity within the context of trusted processes.