Bookworms beware — this sneaky malware disguises itself as ebooks

News
By published

Hackers are distributing malware via fake eBook torrents

Best ereader
Kom igång med din digital läsning med en av de bästa läsplattorna från Amazon, Kobo och mer. (Image credit: TechRadar / Amazon)

Researchers have warned reading fans of a new malware strain disguising itself as eBooks, and being distributed via torrents.

Usually, threat actors sharing malware via torrents would disguise the files as popular movies, or cracks for expensive, commercial software, since these are popular and allow the attackers to distribute the malware to a wider cohort. eBooks are not usually impersonated in cybercrime due to the files being somewhat niche.

However, cybersecurity researchers from Trellix say they have observed malware known as ViperSoftX being shared this way. Users would think they are downloading an eBook, but the archive would also carry a hidden folder and a Windows shortcut file. Running the shortcut triggers the infection chain, which results in the deployment of the malware. 

Information stealer and remote access trojan

ViperSoftX is a type of malware that functions as an information stealer and a remote access trojan (RAT). It is designed to steal sensitive information, such as login credentials, financial information, and other personal data from infected computers. 

It was first spotted in the wild around late 2019, and has since evolved with various updates and modifications, making it a persistent threat to computer systems. Newer versions steal cryptocurrency wallet data from browser extensions, grabs clipboard content, and more.

"A notable aspect of the current variant of ViperSoftX is that it uses the Common Language Runtime (CLR) to dynamically load and run PowerShell commands, thereby creating a PowerShell environment within AutoIt for operations," the researchers said, explaining how the malware remains hidden. "By utilizing CLR, ViperSoftX can seamlessly integrate PowerShell functionality, allowing it to execute malicious functions while evading detection mechanisms that might otherwise flag standalone PowerShell activity."

While a potent infostealer in its own right, ViperSoftX also served as a loader, helping threat actors distribute Quasar RAT and an infostealer called TesseractStealer, TheHackerNews reports. 

More from TechRadar Pro

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
A digital representation of a lock
Security experts are being targeted with fake malware discoveries
DeepSeek
Fake DeepSeek installers are infecting your device with dangerous malware
Trojan
Hackers hide malware into website images to go unnoticed
Pirate skull cyber attack digital technology flag cyber on on computer CPU in background. Darknet and cybercrime banner cyberattack and espionage concept illustration.
Criminals are using a virtual hard disk image file to host and distribute dangerous malware
Pirate skull cyber attack digital technology flag cyber on on computer CPU in background. Darknet and cybercrime banner cyberattack and espionage concept illustration.
Microsoft reveals over a million PCs hit by malvertising campaign
botnet
YouTubers targeted by blackmail campaign to promote malware on their channels
Latest in Security
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Coinbase targeted after recent Github attacks
hacker.jpeg
Key trusted Microsoft platform exploited to enable malware, experts warn
IBM office logo
IBM to provide platform for flagship cyber skills programme for girls
Latest in News
Girl wearing Meta Quest 3 headset interacting with a jungle playset
Latest Meta Quest 3 software beta teases a major design overhaul and VR screen sharing – and I need these updates now
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Hatch Restore 3 in Putty
You can finally start your day with The Office theme song, and I couldn't be more excited
Cassian Andor looking nervously over his shoulder in Andor season 2
New Andor season 2 trailer has got Star Wars fans asking the same question – and it includes an ominous call back to Rogue One's official teaser
Ncuti Gatwa as The Fifteenth Doctor in Doctor Who
Disney+ drops new trailer for Doctor Who season 2 that promises an epic adventure across time and space
23andMe
23andMe is bankrupt and about to sell your DNA, here's how to stop that from happening
More about security
An abstract image of digital security.

Fake file converters are stealing info, pushing ransomware, FBI warns
Microsoft

"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Microsoft Surface Laptop 7 on the left side and Dell XPS 13 (2024) on the right side of a TechRadar versus background

Microsoft Surface Laptop 7 vs. Dell XPS 13 (2024): Which laptop should you trust to fuel your productivity?
See more latest
Most Popular
Girl wearing Meta Quest 3 headset interacting with a jungle playset
Latest Meta Quest 3 software beta teases a major design overhaul and VR screen sharing – and I need these updates now
Hatch Restore 3 in Putty
You can finally start your day with The Office theme song, and I couldn't be more excited
Dell Pro Max with GB300
HP and Dell's latest Nvidia powered PCs are likely to be some of the most expensive workstations ever launched
Shape of Russia filled with Russian flag-colored internet codes on a black hacking background
A new wave of blocks in Russia targets VPN apps and Cloudflare subnets
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Ncuti Gatwa as The Fifteenth Doctor in Doctor Who
Disney+ drops new trailer for Doctor Who season 2 that promises an epic adventure across time and space
Cassian Andor looking nervously over his shoulder in Andor season 2
New Andor season 2 trailer has got Star Wars fans asking the same question – and it includes an ominous call back to Rogue One's official teaser
23andMe
23andMe is bankrupt and about to sell your DNA, here's how to stop that from happening
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard