ViperSoftX variant spotted abusing .NET runtime to disguise data theft


July 10, 2024 at 02:28AM

The ViperSoftX malware, identified in 2020, has now evolved to use .NET CLR to obfuscate its PowerShell commands, concealing them in AutoIt-generated scripts. This sophisticated malware targets professionals by infiltrating pirated eBooks and aims to steal system information and cryptocurrency. Trellix’s report provides detection details for this new variant.

Key takeaways from the report:

1. ViperSoftX, a rapidly evolving infostealer, has adopted new capabilities, including the use of the .NET Common Language Runtime (CLR) to obfuscate PowerShell commands, and hides within scripts generated by the freeware program AutoIt. This lets it evade detection mechanisms and run PowerShell commands in a concealed environment.

2. The latest variant of ViperSoftX has been observed in pirated eBooks distributed over torrents, suggesting a shift in its targeting towards professionals in enterprise environments.

3. The malware is designed to steal system information, cryptocurrency wallet details, clipboard contents, and other data while avoiding detection by employing various obfuscation techniques and disabling Windows security features like AMSI.

4. Attackers use AutoIt scripts to hide their malicious actions, leveraging existing scripts to accelerate development and improve evasion tactics, making ViperSoftX a significant threat in the cybersecurity landscape.

5. Trellix’s report on this latest ViperSoftX variant contains detection details that should be reviewed to understand and defend against this sophisticated malware threat.

6. The potential objectives of ViperSoftX may be evolving beyond purely monetary gain, as evidenced by its latest obfuscation features and targeting of professionals with bootleg eBook downloads.
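A defender-side triage heuristic for the pattern the report describes, as an added example that is not from the article or from Trellix's report: it scores AutoIt script source for co-occurring CLR-hosting, PowerShell-host and AMSI indicators. The Windows/.NET names are real; the `_CLR_` function prefix and both sample scripts are constructed assumptions, so tune the indicator list against your own samples.

```python
import re
# Indicator groups for the technique described above: an AutoIt script that
# hosts the .NET CLR to run PowerShell in-process and references AMSI. The
# Windows/.NET names are real; "_CLR_" is an assumed UDF function prefix.
INDICATORS = {
    "clr_hosting": re.compile(
        r"(mscoree\.dll|CLRCreateInstance|ICLRRuntimeHost|_CLR_\w+)", re.I),
    "powershell_host": re.compile(
        r"(System\.Management\.Automation|RunspaceFactory|AddScript)", re.I),
    "amsi_reference": re.compile(r"\bamsi", re.I),
    "large_base64": re.compile(r"[A-Za-z0-9+/]{120,}={0,2}"),
}

def scan_autoit_script(source: str) -> dict:
    """Return {indicator_name: hit_count} for every group that matched."""
    hits = {}
    for name, pattern in INDICATORS.items():
        count = len(pattern.findall(source))
        if count:
            hits[name] = count
    return hits

def classify(hits: dict) -> str:
    """'high' when CLR hosting and a PowerShell host reference co-occur (the
    report's core pattern), 'medium' for one half of it or an embedded blob
    next to an AMSI reference, otherwise 'low'."""
    clr = "clr_hosting" in hits
    ps = "powershell_host" in hits
    if clr and ps:
        return "high"
    if clr or ps or ("large_base64" in hits and "amsi_reference" in hits):
        return "medium"
    return "low"

# Constructed sample scripts for demonstration; neither is a real sample.
BENIGN_SCRIPT = """\
; installer helper
Local $hFile = FileOpen("config.ini", 1)
FileWriteLine($hFile, "installed=1")
MsgBox(0, "Setup", "Done")
"""
SUSPICIOUS_SCRIPT = """\
; loader with an embedded payload blob (constructed)
Local $blob = "BLOB"
Local $hAmsi = DllOpen("amsi.dll")
Local $hClr = DllCall("mscoree.dll", "int", "CLRCreateInstance")
Local $oAsm = _CLR_LoadLibrary("System.Management.Automation")
$oPs.AddScript(BinaryToString(_Base64Decode($blob)))
""".replace("BLOB", "QUJD" * 60)
```

Running `classify(scan_autoit_script(...))` over a directory of `.au3` files gives a quick first-pass triage; a "high" verdict is a prompt for manual review, not proof of compromise.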

It is essential to review the details provided in Trellix’s report for a comprehensive understanding of this evolving malware threat.
