* . *
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Wednesday, October 22, 2025
Earth-News
  • Home
  • Business
  • Entertainment
    AMC brings first new Dolby Experience to Gwinnett since 2017 – Wyoming News Now

    AMC Launches First New Dolby Experience in Gwinnett Since 2017

    Hetzel Design: blending architecture and entertainment – Blooloop

    Hetzel Design: Where Architecture and Entertainment Unite in Perfect Harmony

    Country music legend rushed to hospital year after heart surgery. Here’s what we know – PennLive.com

    Country Music Legend Rushed to Hospital One Year After Heart Surgery – What’s Happening Now?

    Strictly Come Dancing results: Chris Robshaw is eliminated while drag queen La Voix escapes dance-off – Yahoo

    Strictly Come Dancing results: Chris Robshaw is eliminated while drag queen La Voix escapes dance-off – Yahoo

    Placer County town of Loomis considers entertainment zone for downtown – CBS News

    Loomis Unveils Thrilling New Entertainment Zone to Revitalize Downtown

    CT Culture Corner: Robert Redford films to watch – CT Insider

    CT Culture Corner: Robert Redford films to watch – CT Insider

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Office Technology: Dealers’ Managed IT Revenue up Nearly 30% – The Cannata Report –

    Office Technology: Dealers’ Managed IT Revenue up Nearly 30% – The Cannata Report –

    3 E Network Technology Group Limited Closes $1.5 Million Convertible Promissory Note Offering – Quiver Quantitative

    3 E Network Technology Group Limited Closes $1.5 Million Convertible Promissory Note Offering – Quiver Quantitative

    3 Technology Stocks to Buy Now – Yahoo Finance

    3 Must-Buy Tech Stocks You Can’t Afford to Miss Right Now

    ‘New frontier’: Austin leaders start discussions on air taxi technology – KXAN Austin

    Austin Leaders Ignite Exciting Conversations on the Future of Air Taxi Technology

    How a Gemma model helped discover a new potential cancer therapy pathway – blog.google

    How a Gemma Model Revealed a Breakthrough Pathway for Cancer Treatment

    Italian Technology in Manufacturing: Supporting North American Industries and Keeping Production Local – Thomasnet

    How Italian Technology is Revolutionizing North American Manufacturing and Boosting Local Production

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
  • Home
  • Business
  • Entertainment
    AMC brings first new Dolby Experience to Gwinnett since 2017 – Wyoming News Now

    AMC Launches First New Dolby Experience in Gwinnett Since 2017

    Hetzel Design: blending architecture and entertainment – Blooloop

    Hetzel Design: Where Architecture and Entertainment Unite in Perfect Harmony

    Country music legend rushed to hospital year after heart surgery. Here’s what we know – PennLive.com

    Country Music Legend Rushed to Hospital One Year After Heart Surgery – What’s Happening Now?

    Strictly Come Dancing results: Chris Robshaw is eliminated while drag queen La Voix escapes dance-off – Yahoo

    Strictly Come Dancing results: Chris Robshaw is eliminated while drag queen La Voix escapes dance-off – Yahoo

    Placer County town of Loomis considers entertainment zone for downtown – CBS News

    Loomis Unveils Thrilling New Entertainment Zone to Revitalize Downtown

    CT Culture Corner: Robert Redford films to watch – CT Insider

    CT Culture Corner: Robert Redford films to watch – CT Insider

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Office Technology: Dealers’ Managed IT Revenue up Nearly 30% – The Cannata Report –

    Office Technology: Dealers’ Managed IT Revenue up Nearly 30% – The Cannata Report –

    3 E Network Technology Group Limited Closes $1.5 Million Convertible Promissory Note Offering – Quiver Quantitative

    3 E Network Technology Group Limited Closes $1.5 Million Convertible Promissory Note Offering – Quiver Quantitative

    3 Technology Stocks to Buy Now – Yahoo Finance

    3 Must-Buy Tech Stocks You Can’t Afford to Miss Right Now

    ‘New frontier’: Austin leaders start discussions on air taxi technology – KXAN Austin

    Austin Leaders Ignite Exciting Conversations on the Future of Air Taxi Technology

    How a Gemma model helped discover a new potential cancer therapy pathway – blog.google

    How a Gemma Model Revealed a Breakthrough Pathway for Cancer Treatment

    Italian Technology in Manufacturing: Supporting North American Industries and Keeping Production Local – Thomasnet

    How Italian Technology is Revolutionizing North American Manufacturing and Boosting Local Production

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
Earth-News
No Result
View All Result
Home Technology

ViperSoftX malware covertly runs PowerShell using AutoIT scripting

July 11, 2024
in Technology
ViperSoftX malware covertly runs PowerShell using AutoIT scripting
Share on FacebookShare on Twitter

ViperSoftX malware covertly runs PowerShell using AutoIT scripting

The latest variants of the ViperSoftX info-stealing malware use the common language runtime (CLR) to load and execute PowerShell commands within AutoIt scripts to evade detection.

CLR is a key component of Microsoft’s .NET Framework, serving as the execution engine and runtime environment for .NET applications.

ViperSoftX uses CLR to load code within AutoIt, a scripting language for automating Windows tasks that are typically trusted by security solutions.

In addition, researchers found that the developer of the malware incorporated modified offensive scripts in the latest versions to increase sophistication.

Infection chain

ViperSoftX has been around since at least 2020 and it is currently distributed on torrent sites as ebooks that deliver malicious RAR archives with a decoy PDF or ebook file, a shortcut (.LNK) file, and PowerShell and AutoIT scripts disguised as JPG image files.

Files in the RAR archiveFiles in the RAR archive
Source: Trellix

Malware researchers at cybersecurity company Trellix say that the infection starts when victims execute the .LNK file. During the process, it loads the PowerShell script that hides within blank spaces commands that are automatically executed in the Command Prompt.

The PS script moves to the %APPDATA%MicrosoftWindows directory two files (zz1Cover2.jpg and zz1Cover3.jpg). One of them is the executable for AutoIt and renamed AutoIt3.exe.

To maintain persistence, the same script configures the Task Scheduler to run AutoIt3.exe every five minutes after the user logs in.

Scheduled tasks added by ViperSoftXScheduled tasks added by ViperSoftX
Source: Trellix

Stealthy operation

By using CLR to load and execute PowerShell commands within the AutoIt environment, ViperSoftX seeks to blend into legitimate activities on the system and evade detection.

This is possible because despite AutoIT not supporting .NET CLR natively, users can define functions that allow invoking PowerShell commands indirectly.

ViperSoftX uses heavy Base64 obfuscation and AES encryption to hide the commands in the PowerShell scripts taken from the image decoy files.

The malware also includes a function to modify the memory of the Antimalware Scan Interface (AMSI) function (‘AmsiScanBuffer’) to bypass security checks on the scripts.

ViperSoftX attack flowViperSoftX attack flow
Source: Trellix

For network communication, ViperSoftX uses deceptive hostnames like ‘security-microsoft.com. To stay under the radar, system information is encoded in the Base64 format and the data is delivered via a POST request with a content length of “0.” In doing so, the threat actor again tries to avoid attention due to the lack of body content.

The objective of ViperSoftX is to steal the following data from compromised systems:

System and hardware details
Cryptocurrency wallet data from browser extensions like MetaMask, Ronin Wallet, and many others
Clipboard contents

ViperSoftX checking the browser extensionsViperSoftX checking the browser extensions
Source: Trellix

Trellix says that ViperSoftX has refined its evasion tactics and has become a bigger threat. By integrating CLR to execute PowerShell inside AutoIt, the malware manages to run malicious functions while evading security mechanisms that typically catch standalone PowerShell activity.

The researchers describe the malware as a sophisticated and agile modern threat that can be thwarted with “a comprehensive defense strategy that encompasses detection, prevention, and response capabilities.”

>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : BleepingComputer – https://www.bleepingcomputer.com/news/security/vipersoftx-malware-covertly-runs-powershell-using-autoit-scripting/

Tags: malwaretechnologyViperSoftX
Previous Post

CISA urges devs to weed out OS command injection vulnerabilities

Next Post

GitLab: Critical bug lets attackers run pipelines as other users

Jacobson earns program’s first medal at U23 World Championships – nmuwildcats.com

Jacobson Breaks New Ground with Program’s First Medal at U23 World Championships

October 22, 2025
AHLA: Hotels generate $7B for Denver economy – Hotel Management

Hotels Drive Denver’s Economy to Soar by $7 Billion

October 22, 2025
AMC brings first new Dolby Experience to Gwinnett since 2017 – Wyoming News Now

AMC Launches First New Dolby Experience in Gwinnett Since 2017

October 22, 2025
UCare, other carriers dropping Medicare Advantage Plans, leaving 200K Minnesota seniors without health insurance – CBS News

UCare, other carriers dropping Medicare Advantage Plans, leaving 200K Minnesota seniors without health insurance – CBS News

October 22, 2025
With Israel-Hamas Cease-Fire, Some Pro-Palestinian Protesters Look Back at Their Movement, Ruefully – The New York Times

With Israel-Hamas Cease-Fire, Some Pro-Palestinian Protesters Look Back at Their Movement, Ruefully – The New York Times

October 21, 2025
Fusobacterium nucleatum : ecology, pathogenesis and clinical implications – Nature

Unveiling Fusobacterium nucleatum: Exploring Its Ecology, Disease Connections, and Health Impact

October 21, 2025
Escherichia coli with a 57-codon genetic code – Science | AAAS

Escherichia coli Engineered with a Revolutionary 57-Codon Genetic Code

October 21, 2025
LOCALIZE IT: Over 420 anti-science bills target public health protections in statehouses across US – newspressnow.com

More Than 420 Anti-Science Bills Jeopardize Public Health Across the Nation

October 21, 2025
Halloween not your thing? Here’s when Christmas at the Newport mansions will start. – The Providence Journal

Not a Halloween Fan? Find Out When Christmas Magic Begins at the Newport Mansions!

October 21, 2025
Office Technology: Dealers’ Managed IT Revenue up Nearly 30% – The Cannata Report –

Office Technology: Dealers’ Managed IT Revenue up Nearly 30% – The Cannata Report –

October 21, 2025

Categories

Archives

October 2025
M T W T F S S
 12345
6789101112
13141516171819
20212223242526
2728293031  
« Sep    
Earth-News.info

The Earth News is an independent English-language daily published Website from all around the World News

Browse by Category

  • Business (20,132)
  • Ecology (879)
  • Economy (901)
  • Entertainment (21,772)
  • General (17,729)
  • Health (9,942)
  • Lifestyle (913)
  • News (22,149)
  • People (901)
  • Politics (911)
  • Science (16,111)
  • Sports (21,400)
  • Technology (15,880)
  • World (884)

Recent News

Jacobson earns program’s first medal at U23 World Championships – nmuwildcats.com

Jacobson Breaks New Ground with Program’s First Medal at U23 World Championships

October 22, 2025
AHLA: Hotels generate $7B for Denver economy – Hotel Management

Hotels Drive Denver’s Economy to Soar by $7 Billion

October 22, 2025
  • About
  • Advertise
  • Privacy & Policy
  • Contact

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

Go to mobile version