ViperSoftX infostealer evolves with improved obfuscation


The updated ViperSoftX information-stealing malware, which is distributed via torrents for eBooks, has integrated more sophisticated attack concealment capabilities and now exploits the .NET Common Language Runtime for PowerShell command execution, The Register reports.

ViperSoftX has also leveraged fraudulent JPG files to deploy AutoIT scripts and the AutoIT executable, along with PowerShell scripts, to deactivate Windows security features and perform other scheduled tasks, a report from Trellix revealed. The attackers behind ViperSoftX, who initially intended the infostealer for cryptocurrency asset compromise, have also been leveraging certain security script components in the infostealer. "By leveraging these existing scripts, malware developers not only accelerate development but also focus on improving their evasion tactics, making ViperSoftX a formidable threat in the cybersecurity landscape," said Trellix security researchers Mathanraj Thangaraju and Sijo Jacob, who urged increased awareness of ViperSoftX to facilitate improved security defenses against the ever-evolving information-stealing malware threat.
