In order to steal cryptocurrency and clipboard contents, ViperSoftX was detected by the security analysts at Avast, a Windows malware that is using a Google Chrome extension called VenomSoftX.
A JavaScript-based RAT and crypto-hijacker are hidden within this Chrome extension which constantly attempts to steal the cryptocurrency and clipboard contents.
Approximately 93,000 ViperSoftX infection attempts were detected and stabilized by Avast experts since the beginning of 2022 in the following countries:-
While the following are the countries that have been most affected by the crisis:-
Furthermore, this extension is also capable of hijacking other web browsers in addition to Chrome, including:-
Security researchers Cerberus and Colin Cowie released data on ViperSoftX in 2020, indicating that it had been circulating since 2020.
In addition to granting full access to every page the victim visits, the malicious extension also provides a number of other abilities including:-
VenomSoftX and ViperSoftX are both malware programs that target infected computers in order to steal crypto assets from them. Here below we have mentioned the estimated statistics of their monetary gains:-
As of November 8, 2022, there is approximately $130,421.56 in the wallets of the operators of ViperSoftX and VenomSoftX that redirect stolen cryptocurrency.
There is a difference between this amount and the other possible profits from other activities since this figure only includes the amount sent to wallets for cryptocurrencies.
ViperSoftX is mostly distributed through torrent files containing the cracked software and game cracks that are embedded in the torrent files.
Upon downloading the file, you will find a file that contains an executable which is a malware loader that decodes the AES data in an attempt to create the following files:-
As soon as the malicious code line is executed, it starts decrypting a payload called ViperSoftX stealer, which is hidden somewhere toward the bottom of the 5MB log file.
The extension’s intention is to disguise itself as a Google productivity app called “Google Sheets 2.1” so as to avoid detection by victims.
It appears that VenomSoftX and ViperSoftX activities overlap a bit since they both target cryptocurrency assets owned by victims. Since it has a different method of completing the theft, so it will have a higher chance of being successful.
There are several services targeted by VenomSoftX, including the following:
Besides monitoring the clipboard, the extension also monitors whether any wallet addresses have been copied to the clipboard. A user’s cryptocurrency wallet address can also be displayed on a website with the help of this extension by modifying the HTML on the website.
The extension not only redirects payments to the threat actor during this process but also controls elements in the background that make this possible.
The extension must be removed and the browser data needs to be cleared in order to ensure that the malicious extension has been completely removed from your computer.
Managed DDoS Attack Protection for Applications – Download Free Guide
Recent research has revealed that a Russian advanced persistent threat (APT) group, tracked as "GruesomeLarch"…
Microsoft's Digital Crimes Unit (DCU) has disrupted a significant phishing-as-a-service (PhaaS) operation run by Egypt-based…
The Russian threat group TAG-110, linked to BlueDelta (APT28), is actively targeting organizations in Central…
Earth Kasha, a threat actor linked to APT10, has expanded its targeting scope to India,…
Raspberry Robin, a stealthy malware discovered in 2021, leverages advanced obfuscation techniques to evade detection…
Critical infrastructure, the lifeblood of modern society, is under increasing threat as a new report…