Geeks for your information Security Security Vendors Other Security Vendors AhnLab
ASEC_ViperSoftX Malware Distributed by Arabic-Speaking Threat Actor
ASEC_ViperSoftX Malware Distributed by Arabic-Speaking Threat Actor
jasonX Offline
Administrator
*******
Posts: 1,793
Threads: 461
Thanks Received: 6,656 in 1,777 posts
Thanks Given: 1,435
Joined: 14 August 18
#1
15 April 25, 04:24
[Image: WYlM66o.png]


 
ViperSoftX Malware Distributed by Arabic-Speaking Threat Actor
 
[Image: OYfCidW.png]

AhnLab SEcurity intelligence Center (ASEC) uncovered that attackers, suspected to be Arabic speakers, have been distributing ViperSoftX malware targeting Korean victims since April 1, 2025. ViperSoftX is typically spread through cracked software or torrents, masquerading as legitimate programs.
 
Quote:The main characteristic of ViperSoftX is that it operates as a PowerShell script. During the C&C communication process, parameters such as “/api/”, “/api/v1”, “/api/v2”, “/api/v3/” are always included in the URI path. After the C&C communication process, additional malware is downloaded. In this particular campaign, while the initial distribution method of ViperSoftX remains unclear, the PowerShell and VBS code used for C&C communication contains Arabic comments, suggesting that the attacker is an Arabic speaker.

According to the AhnLab Smart Defense (ASD) infrastructure, the additional malware such as VBS downloader, malicious powershell script, PureCrypter (a downloader), and Quasar RAT are downloaded from ViperSoftX. The following information is identified during ViperSoftX C&C communication process....



Full Article_ ViperSoftX Malware Distributed by Arabic-Speaking Threat Actor

ASEC (AhnLab SEcurity intelligence Center)


Data and info derived from AhnLab with permission
[-] The following 1 user says Thank You to jasonX for this post:
  • harlan4096
Find
Reply


Messages In This Thread
ASEC_ViperSoftX Malware Distributed by Arabic-Speaking Threat Actor - by jasonX - 15 April 25, 04:24

Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
K-Lite Codec Pack 18.8.5 / 18.8.9 Update
Changes in 18.8.9 ...harlan4096 — 07:13
Ubuntu 24.04.2 LTS / 25.04
Ubuntu 24.04.2 LTS...harlan4096 — 07:12
Microsoft Edge 135.0.3179.85
Version 135.0.3179...harlan4096 — 07:10
AnyDesk 7.0.0 for Linux
AnyDesk 7.0.0 for ...harlan4096 — 07:08
Intel releases AI Playground software fo...
Intel is open sour...harlan4096 — 07:07

[-]
Birthdays
Today's Birthdays
avatar (37)RobertUtelt
Upcoming Birthdays
avatar (44)wapedDow
avatar (43)techlignub
avatar (42)Stevenmam
avatar (49)onlinbah
avatar (50)steakelask
avatar (44)Termoplenka
avatar (42)bycoPaist
avatar (48)pieloKat
avatar (42)ilyagNeexy
avatar (50)donitascene
avatar (50)Toligo

[-]
Online Staff
There are no staff members currently online.

>