Home Malware Programs Remote Administration Tools ViperSoftX RAT

ViperSoftX RAT

Posted: January 26, 2021

The ViperSoftX RAT is a threatening piece of software whose activity peaked near the end of 2019. However, the fact that ViperSoftX RAT is not as active today does not mean that the threat should be underestimated – it is still being by threatening cybercriminals thanks to its ability to behave not just like a Remote Access Trojan (RAT) but also as a cryptocurrency stealer.

The ViperSoftX RAT will gain persistence on infected devices by dropping its files to the %APPDATA% folder and then using an auto-run VBScript file to launch its files on system startup. The RAT features of ViperSoftX allow the attackers to:

  • Execute JavaScript code.
  • Run commands through the Windows Command Prompt.
  • Download and run PowerShell scripts from an URL.
  • Download and run files to a predefined folder.
  • Update the payload.

The cryptocurrency hijacking of ViperSoftX RAT is somewhat limited, and the malware is able to execute the so-called clipboard hijacking attack. The threat only targets Bitcoin and Ethereum wallets – if it identifies that the victim has copied a string that matches a BTC/ETH wallet, it will replace it with one controlled by the attackers. This way, they may seamlessly hijack Bitcoin and Ethereum transactions.

The ViperSoftX RAT is still a threat in 2021, and you should take the necessary precautions to keep your system safe from it. Use a reputable anti-virus tool, and avoid downloading unknown files from the Internet.