Once inside the targeted computer, ViperSoftX RAT establishes persistence and begins to collect various system data. Among the harvested details are the device serial number, device name, username, operating system, and a list of installed anti-malware solutions.
The main purpose of ViperSoftX RAT is to collect cryptocurrencies, Bitcoin and Ethereum mainly, by interfering with cryptocurrency transactions conducted on the compromised computer. The technique used by the threat is to substitute the intended crypto wallet address with one under the control of the hackers. The switch happens in the clipboard, a short-term storage buffer where copied content is placed, which is often used to save crypto wallet addresses temporarily due to their length.
However, it must be noted that ViperSoftX RAT is capable of far more destructive actions as it can fetching files from its Command-and-Control infrastructure and executing them. This means that the hackers can switch their operations to deliver ransomware, cryptominers, or other additional malware payloads easily.