ViperSoftX malware by Jacques gascuel This article will be updated with any new information on the topic, and readers are encouraged to leave comments or contact the author with any suggestions or additions.
ViperSoftX: The malware that steals your passwords and cryptocurrencies
Do you use password managers or cryptocurrency wallets to secure your online data? Beware, you could be the target of a malware named ViperSoftX, which infiltrates your computer and steals your sensitive information. Find out how it works, how to detect it and how to protect yourself from it in this article.
ViperSoftX: The Malware that Steals Your Cryptocurrencies and Passwords
Global impact of ViperSoftX malware
This is not a regional threat, but a global one. The malware is mostly spread via torrents and software-sharing sites, which attract users from all over the world. According to Avast, the most impacted countries by ViperSoftX in 2022 were India, USA, Italy, and Brazil. However, Trend Micro reported that the malware also affected a significant number of victims in Australia, Japan, Taiwan, Malaysia and France in 2023. Both enterprises and consumers are at risk of losing their sensitive data and cryptocurrencies to this stealthy malware. Therefore, it is important to raise awareness about the dangers of ViperSoftX and how to prevent its infection.
How to avoid ViperSoftX, the malware that steals your sensitive data
This is malware is dangerous malware that targets Chrome and other browsers, and can steal your passwords from virtual password managers like 1Password or KeePass 2 and virtual cryptocurrency wallets. In this article, you will learn how it works and how to prevent it from infecting your device.
Features of ViperSoftX malware
ViperSoftX is a malware that stands out for its innovative arrival and execution techniques, enhanced encryption and malicious extension for web browsers. VipersoftX is a malware that steals information from infected computers.
What is ViperSoftX and how does it work?
ViperSoftX is a type of malware called infostealer, which means it is designed to steal the data from a device. It was first discovered in 2020 by Fortinet1, and has since evolved to become more sophisticated and stealthy.
ViperSoftX mainly targets the users of Chrome and other browsers, such as Firefox, Opera, Brave and Microsoft Edge. It installs a malicious extension called VenomSoftX on the browser, which can access and extract sensitive information such as browser login data, cryptocurrency wallets, stored credit card information, passwords and more2.
It establishes its persistence by copying itself to %APPDATA% and creating a shortcut in the startup directory to invoke it. It uses seemingly legitimate names to disguise itself, such as v pn_port.dll, reg.converter.sys, install.sig, and install.db
The main features of the malware
These features make ViperSoftX malware a serious threat to the security of users and organizations that use cryptocurrencies or password managers.
- Arrival technique by cracked software: The malware usually poses as a cracked software, an activator or a key generator, which hides the malicious code in the overlay. The malware uses non-malicious files as carriers of the malicious code, such as gup.exe from Notepad++, firefox.exe from Tor or ErrorReportClient.exe from Magix. These files are accompanied by a DLL file that serves as a decryptor and loader of the malicious code. This technique aims to deceive users who are looking for illegal versions of software and to avoid detection by security solutions.
- Enhanced encryption by byte remapping: The malware uses a sophisticated encryption method that consists of remapping the bytes of the malicious code according to a specific byte map. Without the correct byte map, the encrypted malicious code, including all components and relevant data, cannot be correctly decrypted, making the decryption and analysis of the code longer and more difficult for analysts. The malware also changes its byte map every month, which makes it even harder to track the malicious code.
- Monthly change of command and control server: The malware communicates with a command and control (C&C) server to send the stolen information and receive instructions. The C&C server also changes every month, according to a predictable algorithm based on the current date. The C&C server uses the HTTPS protocol to encrypt the communication with the malware.
- Ability to steal data from various cryptocurrency wallets and web browsers: The malware mainly aims to steal data related to cryptocurrencies, such as private keys, passwords and addresses of wallets. The malware targets more than 20 different cryptocurrency wallets, such as Blockchain, Binance, Coinbase, MetaMask or Ledger Live. The malware also installs a malicious extension named VenomSoftX on Chrome, Brave, Edge, Opera and Firefox web browsers. This extension can intercept and modify cryptocurrency transactions made on web browsers. The malware can also steal other sensitive data stored on web browsers, such as cookies, history, bookmarks or autofill data.
- Detection of two password managers, KeePass 2 and 1Password: The malware checks for files associated with two popular password managers, KeePass 2 and 1Password, on the infected computer. It also tries to steal data stored in the browser extensions of these password managers. It is not clear whether the malware exploits a known vulnerability of the password managers or whether it uses another method to access the saved passwords.
Consequences of information theft by ViperSoftX malware
ViperSoftX is a malware that can cause serious damage to the users and organizations whose data it steals. The consequences of information theft by ViperSoftX malware can include:
- Loss of money: The malware can steal data related to cryptocurrencies, such as private keys, passwords and addresses of wallets. This can result in the loss of funds stored in these wallets, or the redirection of transactions to the attacker’s accounts. The malware can also steal data related to online banking, credit cards or other payment methods, which can enable the attacker to make fraudulent purchases or transfers using the victim’s identity.
- Loss of identity or confidentiality: The malware can steal data related to personal or professional identity, such as passport numbers, driver’s license numbers, social security numbers, medical records, online subscriptions, etc. This can result in identity theft, where the attacker can use the victim’s identity to access secure accounts, set up credit cards, apply for loans, or commit other crimes. The malware can also steal data related to confidential or proprietary information, such as software code, algorithms, processes or technologies. This can result in the loss of intellectual property, competitive advantage or trade secrets.
- Risks for the consumer and enterprise sectors: The malware targets both individual users and organizations that use cryptocurrencies or password managers. For individual users, the malware can compromise their privacy and security, as well as expose them to financial losses or legal liabilities. For organizations, the malware can compromise their reputation and customer trust, as well as expose them to lawsuits, ransomware demands, recovery costs, regulatory fines or penalties
Victims of the ViperSoftX malware and statistics
The ViperSoftX malware has made many victims around the world, especially in France. Some users have lost large amounts of cryptocurrencies due to the theft of their wallet addresses. Others have seen their online accounts hacked due to the theft of their passwords. Here are some testimonies collected from forums or social networks:
- “I was infected by ViperSoftX two weeks ago. I only realized it when I wanted to make a transfer of bitcoins to another wallet. The address I had copied had been replaced by another one in the clipboard. I lost 0.5 bitcoin, which is about 20,000 euros.”
- “I got caught by ViperSoftX by downloading a cracked software from a torrent site. The malware installed a malicious extension on my Firefox browser and stole my passwords stored in KeePass. I had to change all my passwords and disinfect my computer with an antivirus.”
- “ViperSoftX caused me a lot of problems. The malware accessed my personal and professional data by going through the extension of 1Password on Chrome. It used my Gmail account to send spam to my contacts and my PayPal account to make fraudulent purchases.”
According to TrendMicro, the ViperSoftX malware has infected more than 10,000 computers worldwide since its appearance in 2020. The number of victims could be even higher, as the malware is difficult to detect by antivirus.
How does ViperSoftX spread?
The malware also checks if the device has virtual password managers installed, such as 1Password or KeePass 2. These are applications that help users store and manage their passwords securely. ViperSoftX exploits a vulnerability called CVE-2023-24055 to access the data stored by these password managers through their browser extensions3.
ViperSoftX also steals users’ cryptocurrency by attacking wallets and exchanges. It targets the following wallets in particular: Armory, Atomic Wallet, Binance, Bitcoin, Blockstream Green, Coinomi, Delta, Electrum, Exodus, Guarda, Jaxx Liberty, Ledger Live, Trezor Bridge, Coin98, Coinbase and MetaMask.
The stolen data is then sent to a command-and-control (C2) server controlled by the attackers, who can use it for financial gain or sell it to other hackers.
How to protect yourself from ViperSoftX malware
ViperSoftX is a stealthy and dangerous malware that can cause serious damage to your computer and your data. Therefore, you should take some preventive measures to avoid being infected by this malware. Here are some tips to help you protect yourself from ViperSoftX:
- Avoid cracked software: The malware often arrives as cracked software, an activator or a key generator, which hides the malicious code in the overlay. Avoid downloading or using illegal versions of software or games, as they may contain malware. Only download software from trusted sources and verify their authenticity.
- Use security software: Use a robust antivirus software that can detect and remove malware from your device. Keep your security software updated and perform regular scans of your device. You can also use a firewall to block unauthorized network connections and a VPN to encrypt your online traffic.
- Update your browsers and password managers: The malware installs a malicious extension named VenomSoftX on web browsers and steals data from them. It also checks if the device has security software installed, such as Windows Defender or ESET, and activates its camouflage mechanisms accordingly. Update your browsers and password managers regularly to fix any security vulnerabilities. Also, only install extensions from trusted sources and check their permissions and reviews.
- Backup your data: The malware can steal or encrypt your data, making it inaccessible or unusable. Backup your data regularly to an external storage device or a cloud service, so you can restore it in case of a malware attack. You can also use encryption tools to protect your data from unauthorized access.
- Be careful with email attachments and links: The malware can also arrive through phishing emails that trick you into clicking on a link or opening an attachment. Be wary of emails that ask you to provide personal or financial information, or that seem to be from unknown or suspicious senders. Also, avoid clicking on links or attachments that look suspicious or irrelevant.
- Use strong and unique passwords: The malware can steal your passwords for your online accounts, especially for your cryptocurrency wallets and exchange platforms. Use strong and unique passwords for each account, and avoid using the same password for multiple accounts. You can use a password generator or a password manager to create and store strong passwords.
- Enable two-factor authentication (2FA): The malware can use your stolen passwords to access your accounts and perform fraudulent transactions. Enable two-factor authentication (2FA) whenever possible, which adds an extra layer of security to your login process. 2FA requires you to enter a code sent to your phone or email, or generated by an app, in addition to your password.
- Avoid downloading and installing software or documents from untrusted sources: The malware often hides behind cracked versions of popular software or games, which are offered on torrent or illegal download sites.
- Keep your browser and password manager updated: with the latest security patches, and use strong and unique passwords for each account.
How to remove ViperSoftX from your system
ViperSoftX is a malware that can infect your computer and steal your data. If you suspect or know that your computer is already infected by ViperSoftX, you should act quickly to remove it and prevent further damage. Here are some steps to help you remove ViperSoftX from your system:
- Uninstall malicious programs from Windows: ViperSoftX may have installed some malicious programs on your computer that can interfere with your removal process. To uninstall them, go to Control Panel > Programs > Uninstall a program and look for any suspicious programs that you do not recognize or that you did not install yourself. Select them and click Uninstall.
- Reset browsers back to default settings: ViperSoftX may have modified your browser settings and installed a malicious extension named VenomSoftX that can steal your data. To reset your browser settings, go to your browser settings and look for an option to reset your browser to its default state. This will remove any malicious extensions, cookies, history, passwords, and other data that ViperSoftX may have added or modified.
- Use Rkill to terminate suspicious programs: ViperSoftX may have some processes running in the background that can prevent you from removing it. To stop them, use Rkill, a free tool that can terminate any suspicious processes that are running on your computer. Download Rkill from here and run it as administrator. Wait for it to finish scanning and killing any suspicious processes.
- Use Malwarebytes to remove Trojans and unwanted programs: ViperSoftX is a Trojan malware that can hide itself from antivirus detection by using camouflage mechanisms. It also checks if the device has security software installed, such as Windows Defender or ESET, and activates its camouflage mechanisms accordingly. To remove it, use Malwarebytes, a powerful anti-malware software that can detect and remove ViperSoftX and other threats from your computer. Download Malwarebytes from here and install it. Run a full scan and follow the instructions to quarantine or delete any detected threats.
- Use HitmanPro to remove rootkits and other malware: ViperSoftX may have some hidden malware components that may have escaped Malwarebytes. To find and remove them, use HitmanPro, a second-opinion scanner that can find and remove any hidden malware that may be on your computer. Download HitmanPro from here and run it. Follow the instructions to scan your computer and remove any remaining malware.
- Use AdwCleaner to remove malicious browser policies and adware: ViperSoftX may have changed some browser policies or installed some adware on your computer that can display unwanted ads or pop-ups. To clean your browser from them, use AdwCleaner, a free tool that can remove any unwanted policies, extensions, toolbars, ads, or pop-ups that may have been installed by ViperSoftX or other adware. Download AdwCleaner from here and run it. Click Scan Now and then Clean & Repair to remove any detected threats.
By following these steps, you should be able to remove ViperSoftX from your computer completely. However, you should also change your passwords for your online accounts, especially for your cryptocurrency wallets and exchange platforms
ViperSoftX is a very stealthy malware that can evade antivirus detection by using various techniques. It also checks if the device has security software installed, such as Windows Defender or ESET, and activates its camouflage mechanisms accordingly4.
How to secure your passwords and cryptocurrencies with modern authentication methods?
One of the best ways to protect your passwords and cryptocurrencies from ViperSoftX and other malware is to use modern authentication methods that rely on hardware devices instead of software. These devices are called hardware password managers or cold wallets.
Hardware password manager
A hardware password manager is a device that stores and manages your passwords securely. Unlike a virtual password manager, which runs on your computer or smartphone, a hardware password manager is a separate device that you can carry with you. This way, you can avoid storing your passwords on potentially compromised devices or online services.
A hardware password manager generates and stores strong passwords for your online accounts, which you can access with one master password. To log in to an online service, you can either type the password manually or use the NFC feature of the device to transmit the password to your computer or smartphone.
NFC (Near Field Communication) is a wireless technology that allows devices to communicate over short distances. You can use NFC for various purposes, such as contactless payments, smart cards, and authentication. By using NFC, you can log in to your online accounts with a simple tap of your hardware password manager on your device.
Some of the benefits of using NFC are:
- It is fast and convenient: you do not need to type long passwords or scan QR codes.
- It is secure: NFC uses encryption and authentication protocols to prevent eavesdropping or tampering.
- It is compatible: NFC works with most:
A cold wallet is a device that stores your cryptocurrencies offline. Unlike a hot wallet, which is connected to the internet and vulnerable to hacking, a cold wallet is isolated and protected from unauthorized access. To use a cold wallet, you need to transfer your cryptocurrencies from an online platform to the device and vice versa.
A cold wallet generates and stores private keys for your cryptocurrency accounts. A private key is a secret code that allows you to access and control your cryptocurrency funds. You should never share or lose your private key, as it is the only way to access your funds.
Some of the advantages of using a cold wallet are:
- It is safe and reliable: you do not have to worry about hackers, malware, or phishing attacks.
- It is easy and convenient: you can manage your funds with a simple interface and a few clicks.
- It is versatile and compatible: you can store different types of cryptocurrencies on the same device.
One example of a cold wallet that uses NFC technology is the NFC Cold Wallet with EviVault technology from Freemindtronic Andorra. This device allows you to store and manage your cryptocurrencies securely and conveniently with your smartphone.
EviVault Cold Wallet & Hardware Wallet
EviVault is a patented technology that enhances the security and performance of NFC devices. It uses a combination of hardware and software features to protect your data from physical and logical attacks.
Some of the features of EviVault are:
- It encrypts and authenticates your data with AES-256 and HMAC-SHA256 algorithms.
- It prevents cloning, tampering, or replay attacks with anti-counterfeiting and anti-replay mechanisms.
- It detects and blocks brute force attacks with auto unpairing functions traced in a black box.
- It optimizes the speed and reliability of NFC communication with error correction and data compression techniques.
With EviVault, you can enjoy the benefits of NFC technology without compromising your security or privacy.
The impact of the ViperSoftX malware on businesses
The ViperSoftX malware does not only target individuals, but also businesses. Indeed, the malware can compromise the security of professional data by stealing the passwords of employees or customers. It can also infect the computer network of the company and spread other malware, such as ransomware or cryptominers.
To protect themselves from the ViperSoftX malware, businesses must take several measures:
- Educate employees about the risks associated with downloading software or documents from unofficial or illegal sources.
- Use up-to-date and effective antivirus software to detect and remove the malware.
- Choose secure and reliable password managers, which do not store sensitive data in browser extensions.
- Check regularly the transactions in cryptocurrencies and the addresses of the wallets.
ViperSoftX is a dangerous malware that can steal your passwords and cryptocurrencies from your virtual password managers and online platforms. To protect yourself from ViperSoftX, you should be careful about what you download and install on your device, keep your software updated and secure, avoid installing unknown or suspicious extensions and backup your data regularly.
To secure your passwords and cryptocurrencies with modern authentication methods, you can use hardware password managers or cold wallets that rely on hardware devices instead of software. These devices use NFC technology to offer you a high level of security and convenience for your online accounts. However, you should also follow some best practices, such as keeping your devices updated and secure, using strong passwords and two-factor authentication, and storing only small amounts of cryptocurrency on online platforms.