This vicious new malware version is now targeting password managers

1Password and KeePass are the new targets

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A new version of an already activemalwareis now shifting focus to target1Password- in our view thebest password managerfor families - and KeePass.

ViperSoftX is an infostealer that has already been after crypto wallets, but its now attacking more of them, in addition to multiple web browsers - not justGoogleChrome - and password managers as well.

It also has stronger code encryption now and is better at avoiding detection fromantivirustools.

New version

ViperSoftX can install the malicious Chrome extension VenomSoftX, but according to security researchersTrend Micro, it can now also infectMicrosoftEdge, Mozilla Firefox, Opera and Brave.

The malware was first discovered in 2020 stealing crypto currency using a JavaScript-based RAT (remote access trojan). By 2022, however,Avastfound that it had advanced considerably in its capabilities, with the cybersecurity vendor claiming that it had stopped close to 100,000 attacks on its customers from the malware through most of last year. Most victims were based in the U.S., Italy, Brazil, and India.

It seems that now, however, ViperSoftX has extended its global reach, with Trend Micro detecting additional prominent activity in Australia, Japan, Taiwan, Malaysia and France. Enterprises and consumers alike are being targeted too. Analysts found that the malware is often hidden in software cracks and activators.

Password manager hacked to launch wide-ranging cyberattack against businesses worldwide>Hackers might be able to crack this top password manager and steal your logins>LastPass confirms hackers had access to internal systems for several days

In addition to attacking many more crypto wallets now, the latest version of ViperSoftX has been found by Trend Micros to be scouring for files associated with 1Password and KeePass, and attempting to steal data related to their browser extensions.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

An exploit tracked as CVE-2023-24055 does allow for stored passwords to be exported in a plain text file, but Trend Micro found now evidence that this is being used by ViperSoftX.

However, it toldBleepingComputerthat it could steal users' vaults in the later stages of the attack, once the malware has taken hold and extracted data from the victim’s system and sent it to the threat actor.

More worringly, the new ViperSoftX uses DLL sideloading in order to be mistakenly recognized as a trusted process, thus remaining undetected by security software. It also checks to see if monitoring tools like VMWare or Process Monitor and antivirus software such as Windows Defender and ESET are present on the system before it it begins its processes.

It also uses byte mapping, a technique to encrypt its code in a way that makes it much harder to decrypt without having the correct map to do so.

Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, having spent over a decade exploring the murky depths of both PC building and music production. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.

Rising AI threats are making firms turn back to human intelligence

Thousands of employees could be falling victim to obvious phishing scams every month

A newly reported iPhone phenomenon could be bad news for both cops and robbers