Friday, October 4, 2024

Torrents Harbor ViperSoftX Malware 

Researchers have discovered ViperSoftX, a sophisticated malware previously detected by Fortinet in 2020, lurking within torrents disguised as eBooks. ViperSoftX dynamically loads and runs PowerShell commands using AutoIt’s Common Language Runtime (CLR). This integration allows it to execute malicious functions while evading detection mechanisms.

Trellix security researchers Mathanraj Thangaraju and Sijo Jacob described the malware’s behaviour in a statement: “A notable aspect of the current variant of ViperSoftX is that it uses the Common Language Runtime (CLR) to dynamically load and run PowerShell commands, thereby creating a PowerShell environment within AutoIt for operations. By utilizing CLR, ViperSoftX can seamlessly integrate PowerShell functionality, allowing it to execute malicious functions while evading detection mechanisms that might otherwise flag standalone PowerShell activity.”

Further analysis of the malware’s activity showed that it can harvest system information, scan for cryptocurrency wallets via browser extensions, capture clipboard contents, and dynamically download and run additional payloads and commands based on responses from a remote server. Most notably, the malware can delete itself to avoid detection.
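The evasion described above works because the PowerShell engine runs inside the AutoIt host process, so no powershell.exe is ever launched and process-creation monitoring alone misses it. The following is an added example, not code from the article or from Trellix, of a defender-side check that looks at image-load telemetry instead: it flags any process that loads the PowerShell engine assembly (System.Management.Automation.dll) without being one of the expected PowerShell hosts. It assumes Sysmon Event ID 7 (ImageLoad) fields named Image, ImageLoaded and ProcessId, serialized as Key="Value" lines; the sample events are constructed.

```python
"""Detect PowerShell hosted outside powershell.exe/pwsh.exe from Sysmon
image-load events (Event ID 7).

Added example, not code from the article or from Trellix. It assumes
Sysmon's ImageLoad event fields (Image, ImageLoaded, ProcessId) and that
the log is available as Key="Value" lines; the sample lines are constructed.
"""
import re
from dataclasses import dataclass

# Hosts that legitimately load the PowerShell engine assembly.
EXPECTED_POWERSHELL_HOSTS = {
    "powershell.exe",
    "powershell_ise.exe",
    "pwsh.exe",
}

# The managed PowerShell engine. Any process that loads this DLL can run
# PowerShell commands through the CLR without spawning powershell.exe,
# which is exactly the CLR-hosting technique the article describes.
POWERSHELL_ENGINE_DLL = "system.management.automation.dll"

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')


@dataclass(frozen=True)
class Finding:
    process_id: int
    image: str
    loaded: str
    reason: str


def parse_event(line: str) -> dict:
    """Parse one Key="Value" line (constructed format) into a dict."""
    return dict(FIELD_RE.findall(line))


def basename(path: str) -> str:
    """Return the lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def detect_unhosted_powershell(lines):
    """Return a Finding for every Event ID 7 record in which a process that
    is not an expected PowerShell host loads the PowerShell engine DLL.

    Loading the CLR itself (clr.dll, coreclr.dll) is not flagged: plenty of
    benign native applications host .NET. The engine assembly is the
    specific signal that PowerShell is about to run inside the process.
    """
    findings = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventID") != "7":
            continue  # only image-load events carry the DLL name
        image = basename(ev.get("Image", ""))
        loaded = basename(ev.get("ImageLoaded", ""))
        if loaded == POWERSHELL_ENGINE_DLL and image not in EXPECTED_POWERSHELL_HOSTS:
            findings.append(Finding(
                process_id=int(ev["ProcessId"]),
                image=image,
                loaded=loaded,
                reason="PowerShell engine loaded by a non-PowerShell host",
            ))
    return findings


# Constructed sample telemetry: one legitimate powershell.exe load, one pwsh
# load, a process-creation event that must be ignored, and a hypothetical
# "ebook_reader.exe" (a stand-in for a script-hosting binary) that first
# loads the CLR and then the PowerShell engine.
SAMPLE_EVENTS = [
    r'EventID="7" ProcessId="4120" Image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ImageLoaded="C:\Windows\assembly\GAC_MSIL\System.Management.Automation\System.Management.Automation.dll"',
    r'EventID="1" ProcessId="5208" Image="C:\Users\reader\Downloads\ebook_reader.exe" CommandLine="ebook_reader.exe --open novel.pdf"',
    r'EventID="7" ProcessId="5208" Image="C:\Users\reader\Downloads\ebook_reader.exe" ImageLoaded="C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll"',
    r'EventID="7" ProcessId="5208" Image="C:\Users\reader\Downloads\ebook_reader.exe" ImageLoaded="C:\Windows\assembly\GAC_MSIL\System.Management.Automation\System.Management.Automation.dll"',
    r'EventID="7" ProcessId="6011" Image="C:\Program Files\PowerShell\7\pwsh.exe" ImageLoaded="C:\Program Files\PowerShell\7\System.Management.Automation.dll"',
]


if __name__ == "__main__":
    for f in detect_unhosted_powershell(SAMPLE_EVENTS):
        print(f"PID {f.process_id}: {f.image} loaded {f.loaded} ({f.reason})")
```

Run against the constructed events, only PID 5208 is reported: the powershell.exe and pwsh.exe loads are expected, the process-creation record is skipped, and the bare clr.dll load is deliberately not enough on its own. In a real deployment the expected-host set should be tightened to full paths, since a renamed or relocated powershell.exe would otherwise pass the basename check.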

OpenSSH Vulnerability Raises Alarms

CVE-2024-6409, a flaw with a CVSS score of 7.0 discovered by Alexander Peslyak, poses a risk of remote code execution. It affects OpenSSH versions 8.7p1 and 8.8p1. Distinct from the previously documented RegreSSHion (CVE-2024-6387), this vulnerability triggers a race condition with RCE potential in the privsep child process, which runs with reduced privileges compared to the parent server process.

Alexander Peslyak confirmed the difference in a statement that reads: “The main difference from CVE-2024-6387 is that the race condition and RCE potential are triggered in the privsep child process, which runs with reduced privileges compared to the parent server process.”

Google Introduces Passkeys for Enhanced Security

Google now offers passkeys as an alternative to passwords for high-risk users enrolling in its Advanced Protection Program (APP). Shuvo Chatterjee, the product lead of the APP, confirms that users can choose a passkey to secure their accounts. Over 400 million Google accounts already utilize passkeys.

HuiOne Guarantee $11 Billion Cybercrime Hub Exposed

Cryptocurrency analysts have exposed HuiOne Guarantee, a Cambodian conglomerate linked to the ruling Hun family. Beyond pig butchering scams, HuiOne offers technology, money laundering, and data services, and the operation is now valued at over $11 billion.

Microsoft Patches Actively Exploited Flaws

Microsoft has addressed 143 security vulnerabilities, including 136 rated important and 5 rated critical, some of which were exploited before the patch release. Two of them, CVE-2024-38080 (CVSS score 7.8), a Windows Hyper-V elevation of privilege vulnerability, and CVE-2024-38112 (CVSS score 7.5), a Windows MSHTML platform spoofing vulnerability, were exploited in the wild before the patch was available.

Further statements about the flaws and patches explained that “Successful exploitation of this vulnerability requires an attacker to take additional actions before exploitation to prepare the target environment. To exploit CVE-2024-38112, an attacker would have to send the victim a malicious file that the victim would have to execute.”
