ViperSoftX Malware Used by Threat Actors to Steal Sensitive Information

The AhnLab Security Intelligence Center (ASEC) has recently issued a detailed report confirming the persistent distribution of ViperSoftX malware by threat actors, with notable impact on users in South Korea and beyond.

First identified by Fortinet in 2020, ViperSoftX is a sophisticated PowerShell-based malware designed to infiltrate infected systems, execute remote commands, and steal sensitive data, particularly targeting cryptocurrency-related information.

Ongoing Threat Targets Cryptocurrency Users Globally

Disguised as cracked software, key generators, or even eBooks on torrent sites, as reported by Avast (2022), Trend Micro (2023), and Trellix (2024), this malware employs deceptive initial access tactics to ensnare unsuspecting victims worldwide.

The use of such illegal duplication programs as an infection vector remains a prevalent strategy among various cybercriminals, amplifying the reach of ViperSoftX and resulting in widespread infections.

ViperSoftX demonstrates remarkable persistence through the abuse of Windows Task Scheduler to execute malicious PowerShell scripts ...