This vicious new malware version is now targeting password managers

A new version of an already active malware is now shifting focus to target 1Password - in our view the best password manager for families - and KeePass.

ViperSoftX is an infostealer that has already been after crypto wallets, but it's now attacking more of them, in addition to multiple web browsers - not just Google Chrome - and password managers as well.

It also has stronger code encryption now and is better at avoiding detection from antivirus tools. 

New version

ViperSoftX can install the malicious Chrome extension VenomSoftX, but according to security researchers Trend Micro, it can now also infect Microsoft Edge, Mozilla Firefox, Opera and Brave. 

The malware was first discovered in 2020 stealing cryptocurrency using a JavaScript-based RAT (remote access trojan). By 2022, however, Avast found that it had advanced considerably in its capabilities, with the cybersecurity vendor claiming that it had stopped close to 100,000 attacks on its customers from the malware through most of last year. Most victims were based in the U.S., Italy, Brazil, and India.

It seems that now, however, ViperSoftX has extended its global reach, with Trend Micro detecting additional prominent activity in Australia, Japan, Taiwan, Malaysia and France. Enterprises and consumers alike are being targeted too. Analysts found that the malware is often hidden in software cracks and activators. 

In addition to attacking many more crypto wallets now, the latest version of ViperSoftX has been found by Trend Micro to be scouring for files associated with 1Password and KeePass, and attempting to steal data related to their browser extensions.

An exploit tracked as CVE-2023-24055 does allow for stored passwords to be exported in a plain text file, but Trend Micro found no evidence that this is being used by ViperSoftX.

However, it told BleepingComputer that it could steal users' vaults in the later stages of the attack, once the malware has taken hold and extracted data from the victim's system and sent it to the threat actor.

More worryingly, the new ViperSoftX uses DLL sideloading in order to be mistakenly recognized as a trusted process, thus remaining undetected by security software. It also checks to see if monitoring tools like VMware or Process Monitor and antivirus software such as Windows Defender and ESET are present on the system before it begins its processes.

It also uses byte mapping, a technique to encrypt its code in a way that makes it much harder to decrypt without having the correct map to do so.
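
To make the idea concrete from an analyst's side, the following is an added example, not code from the article, Trend Micro or the malware. It assumes a byte map is a one-to-one, 256-entry substitution table (the article does not specify the scheme); the sample data, seeds and function names are constructed. It shows that decoding with the wrong map fails, while the byte-frequency shape and entropy of the data survive the remapping.

```python
import random
from collections import Counter
from math import log2

def make_byte_map(seed):
    """Constructed 256-entry substitution table: a permutation of 0..255."""
    table = list(range(256))
    random.Random(seed).shuffle(table)
    return bytes(table)

def invert_map(byte_map):
    """Build the inverse table needed to undo a remapping."""
    inverse = bytearray(256)
    for plain, mapped in enumerate(byte_map):
        inverse[mapped] = plain
    return bytes(inverse)

def remap(data, byte_map):
    """Replace every byte with the value the table assigns to it."""
    return data.translate(byte_map)

def entropy(data):
    """Shannon entropy in bits per byte."""
    total = len(data)
    return -sum(c / total * log2(c / total) for c in Counter(data).values())

def sorted_histogram(data):
    """Byte counts with the byte values discarded, largest first."""
    return sorted(Counter(data).values(), reverse=True)

# Constructed sample standing in for a protected payload.
SAMPLE = b"constructed sample payload: " * 8
MAP_A = make_byte_map(1)   # the map the data was encoded with
MAP_B = make_byte_map(2)   # a different map, e.g. taken from another sample
ENCODED = remap(SAMPLE, MAP_A)

def demo():
    return {
        # The correct inverse map restores the original bytes.
        "roundtrip_ok": remap(ENCODED, invert_map(MAP_A)) == SAMPLE,
        # A map from elsewhere does not.
        "wrong_map_ok": remap(ENCODED, invert_map(MAP_B)) == SAMPLE,
        # Substitution only relabels bytes, so the statistics are unchanged.
        "entropy_preserved": abs(entropy(SAMPLE) - entropy(ENCODED)) < 1e-9,
        "same_histogram": sorted_histogram(SAMPLE) == sorted_histogram(ENCODED),
    }

if __name__ == "__main__":
    print(demo())
```

The preserved histogram is the practical takeaway: remapped data does not look like high-entropy ciphertext, which is one reason string and signature matching miss it while statistical triage can still flag it for closer inspection.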

Lewis Maddison
Reviews Writer

Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, having spent over a decade exploring the murky depths of both PC building and music production. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.