ViperSoftX RAT

RATs or Remote Access Trojans are among the most threatening malware types, and, as such, ViperSoftX RAT presents a severe security issue. This JavaScript-based RAT is equipped with several obfuscation techniques designed to reduce the chances of it being detected and to make analyzing its code that much harder. Among the methods employed by ViperSoftX RAT are partial code encryption via the AES cryptographic algorithm and using legitimate names to disguise its code.

Once inside the targeted computer, ViperSoftX RAT establishes persistence and begins to collect various system data. Among the harvested details are the device serial number, device name, username, operating system, and a list of installed anti-malware solutions.

The main purpose of ViperSoftX RAT is to collect cryptocurrencies, Bitcoin and Ethereum mainly, by interfering with cryptocurrency transactions conducted on the compromised computer. The technique used by the threat is to substitute the intended crypto wallet address with one under the control of the hackers. The switch happens in the clipboard, a short-term storage buffer where copied content is placed, which is often used to save crypto wallet addresses temporarily due to their length.

However, it must be noted that ViperSoftX RAT is capable of far more destructive actions, as it can fetch files from its Command-and-Control infrastructure and execute them. This means that the hackers can easily switch their operations to deliver ransomware, cryptominers, or other additional malware payloads.
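The clipboard substitution described above leaves a recognizable trace: a wallet address is replaced by a different address of the same currency moments after it was copied. The following sketch is an added example, not taken from the malware or from any vendor tool, and it flags that pattern in a series of clipboard snapshots. The address patterns are simplified shape checks, and the two-second window, the function names, and the sample data are assumptions.

```python
import re

# Simplified shape checks (assumption: no checksum validation) for the two
# currencies the article names.
PATTERNS = {
    "bitcoin": re.compile(
        r"^(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[ac-hj-np-z02-9]{11,71})$"),
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def classify(text):
    """Return (coin, normalised address) if the clipboard holds only an address."""
    value = text.strip()
    for coin, pattern in PATTERNS.items():
        if pattern.match(value):
            # Ethereum addresses are case-insensitive apart from checksum casing.
            return coin, value.lower() if coin == "ethereum" else value
    return None

def find_swaps(events, max_gap=2.0):
    """Flag an address replaced by a different same-coin address within max_gap s.

    events: time-ordered (timestamp_seconds, clipboard_text) snapshots.
    """
    alerts = []
    prev_time, prev_hit = None, None
    for when, text in events:
        hit = classify(text)
        if (hit and prev_hit and hit[0] == prev_hit[0] and hit[1] != prev_hit[1]
                and when - prev_time <= max_gap):
            alerts.append({"time": when, "coin": hit[0],
                           "copied": prev_hit[1], "replaced_by": hit[1]})
        prev_time, prev_hit = when, hit
    return alerts

# Constructed snapshots; the addresses are filler strings, not real wallets.
SAMPLE_EVENTS = [
    (0.0, "meeting notes"),
    (10.0, "1" + "A" * 30),      # user copies a Bitcoin-shaped address
    (10.4, "1" + "B" * 30),      # replaced 0.4 s later: flagged
    (60.0, "0x" + "a" * 40),     # user copies an Ethereum-shaped address
    (90.0, "0x" + "b" * 40),     # different address 30 s later: plausible user copy
    (120.0, "0x" + "c" * 40),
    (120.3, "0x" + "C" * 40),    # same address, different casing: not a swap
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE_EVENTS):
        print(alert)
```

A short window keeps a user who deliberately copies a second address from being flagged; widening `max_gap` trades fewer misses for more false positives.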


