VenomSoftX, part of the ViperSoftX exploit ecosystem and a lesser-known malware that began operating in 2020, has been continuously exploiting the Google Chrome browser, according to a recent report by malware protection service provider Avast. The malware reportedly captures clipboard content and steals information from target computers.
ViperSoftX went through an extensive transformation over the years, and in 2022, it became proficient enough to strengthen its information-stealing and evasion skills, making it more powerful and effective. Among its features, the malware can remotely install a malicious Google Chrome extension on affected devices, steal cryptocurrency details and compromise data stored in the browser.
With its latest addition for stealing credentials and cryptocurrencies, ViperSoftX has become more cunning than its previous versions. As part of the ViperSoftX JavaScript Trojan, it has been advertised on hacking forums as a sellable item since 2020, and it was soon discovered by Cerberus researchers and Colin Cowie.
ViperSoftX infection attempts
According to the report, the researchers detected and blocked around 93,000 ViperSoftX infection attempts. Most ViperSoftX incidents were directed at users in different countries, such as the United States, Italy, India, and Brazil. They didn't follow any known attack patterns, which rules out cyber espionage activity by the threat actor.
However, the malware is still very proficient in its techniques and spreads via torrent download websites where users can download games, videos, and premium cracked versions of paid software, keys, and activators. Once the exploit has been planted, the malware moves into action and retrieves information from the victim's device. In the two cases where the threat actor used the malware to hardcode its crypto wallet addresses, funds were lost from the victims' devices.
The malware operates solely by installing itself as an add-on for the Chrome, Brave, Edge, and Opera browsers. It tries to steal as much information as possible while staying undetected.