ViperSoftX malware covertly runs PowerShell using AutoIT scripting

July 11, 2024

The latest variants of the ViperSoftX info-stealing malware use the common language runtime (CLR) to load and execute PowerShell commands within AutoIt scripts to evade detection.

CLR is a key component of Microsoft’s .NET Framework, serving as the execution engine and runtime environment for .NET applications.

ViperSoftX uses CLR to load code within AutoIt, a scripting language for automating Windows tasks that is typically trusted by security solutions.

In addition, researchers found that the developer of the malware incorporated modified offensive scripts in the latest versions to increase sophistication.

Infection chain

ViperSoftX has been around since at least 2020 and it is currently distributed on torrent sites as ebooks that deliver malicious RAR archives with a decoy PDF or ebook file, a shortcut (.LNK) file, and PowerShell and AutoIT scripts disguised as JPG image files.

Files in the RAR archive
Source: Trellix

Malware researchers at cybersecurity company Trellix say that the infection starts when victims execute the .LNK file. During the process, it loads the PowerShell script, which hides, within blank spaces, commands that are automatically executed in the Command Prompt.

The PS script moves two files (zz1Cover2.jpg and zz1Cover3.jpg) to the %APPDATA%\Microsoft\Windows directory. One of them is the AutoIt executable, which is renamed AutoIt3.exe.

To maintain persistence, the same script configures the Task Scheduler to run AutoIt3.exe every five minutes after the user logs in.

Scheduled tasks added by ViperSoftX
Source: Trellix
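
One way to triage exported scheduled-task definitions for the persistence pattern described above, as an added example that is not from Trellix or the original article. The image-extension heuristic, the sample task and its EXAMPLE.jpg argument are constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
USER_WRITABLE = re.compile(r"%appdata%|\\appdata\\(roaming|local)\\", re.I)
IMAGE_ARG = re.compile(r"\.(jpe?g|png|gif|bmp)\b", re.I)
DURATION = re.compile(r"^PT(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?$")

def interval_seconds(text):
    """Convert a repetition interval such as PT5M to seconds (None if absent)."""
    m = DURATION.match(text or "")
    if not m or not any(m.groups()):
        return None
    hours, minutes, seconds = (int(g or 0) for g in m.groups())
    return hours * 3600 + minutes * 60 + seconds

def triage_task(xml_text, max_interval=300):
    """Return the reasons a task definition resembles the persistence above."""
    root = ET.fromstring(xml_text)
    reasons = []
    for action in root.findall("t:Actions/t:Exec", NS):
        command = action.findtext("t:Command", "", NS)
        arguments = action.findtext("t:Arguments", "", NS)
        if USER_WRITABLE.search(command):
            reasons.append("action binary sits in a user-writable profile path")
        if re.search(r"autoit3?\.exe", command, re.I):
            reasons.append("AutoIt interpreter used as the task action")
        if IMAGE_ARG.search(arguments):  # assumption: script passed under an image name
            reasons.append("interpreter is handed a file with an image extension")
    for trigger in root.findall("t:Triggers/t:LogonTrigger", NS):
        secs = interval_seconds(trigger.findtext("t:Repetition/t:Interval", None, NS))
        if secs is not None and secs <= max_interval:
            reasons.append(f"logon trigger repeats every {secs}s")
    return reasons

# Constructed sample modelled on the article's description, not a captured artifact.
# EXAMPLE.jpg is a placeholder. Real exports are UTF-16: pass the file's bytes.
SAMPLE_TASK = r"""<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><LogonTrigger><Repetition><Interval>PT5M</Interval></Repetition></LogonTrigger></Triggers>
  <Actions><Exec>
    <Command>%APPDATA%\Microsoft\Windows\AutoIt3.exe</Command>
    <Arguments>%APPDATA%\Microsoft\Windows\EXAMPLE.jpg</Arguments>
  </Exec></Actions>
</Task>"""

if __name__ == "__main__":
    for reason in triage_task(SAMPLE_TASK):
        print("-", reason)
```

Each reason is weak on its own; a task that collects several of them is worth a closer look.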

Stealthy operation

By using CLR to load and execute PowerShell commands within the AutoIt environment, ViperSoftX seeks to blend into legitimate activities on the system and evade detection.

This is possible because, although AutoIt does not support the .NET CLR natively, users can define functions that invoke PowerShell commands indirectly.

ViperSoftX uses heavy Base64 obfuscation and AES encryption to hide the commands in the PowerShell scripts taken from the image decoy files.

The malware also includes a function to modify the memory of the Antimalware Scan Interface (AMSI) function (‘AmsiScanBuffer’) to bypass security checks on the scripts.

ViperSoftX attack flow
Source: Trellix

For network communication, ViperSoftX uses deceptive hostnames like ‘security-microsoft.com’. To stay under the radar, system information is encoded in the Base64 format and the data is delivered via a POST request with a content length of “0.” In doing so, the threat actor again tries to avoid attention due to the lack of body content.
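
The network traits above can be turned into a proxy-log check; the following is an added example, not code from Trellix or the original article. The brand allow-list, the record layout and the X-Constructed header are assumptions: the article does not say which part of the request carries the encoded data, so the sketch inspects every header value.

```python
import base64
import re

# Illustrative allow-list (an assumption): domains that really belong to each brand.
BRANDS = {"microsoft": ("microsoft.com", "windows.com", "live.com")}
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")

def lookalike_brand(host):
    """Return the brand a hostname borrows without being under that brand's domains."""
    host = host.lower().rstrip(".")
    for brand, legit in BRANDS.items():
        owned = any(host == d or host.endswith("." + d) for d in legit)
        if brand in host and not owned:
            return brand
    return None

def decodable_tokens(value):
    """Yield the text of Base64 tokens in a string that decode to printable ASCII."""
    for token in B64_TOKEN.findall(value):
        core = token.rstrip("=")
        try:
            raw = base64.b64decode(core + "=" * (-len(core) % 4), validate=True)
        except ValueError:
            continue
        if all(32 <= byte < 127 for byte in raw):
            yield raw.decode("ascii")

def triage_request(req):
    """Return findings for one parsed proxy-log record (method, host, headers)."""
    findings = []
    headers = req["headers"]
    if req["method"] == "POST" and headers.get("Content-Length") == "0":
        findings.append("POST with empty body")
    brand = lookalike_brand(req["host"])
    if brand:
        findings.append(f"host imitates {brand}")
    for name, value in headers.items():
        if any(decodable_tokens(value)):
            findings.append(f"Base64 text in header {name}")
    return findings

# Constructed record; X-Constructed and its contents are placeholders, since the
# article does not say which part of the request carries the encoded data.
SAMPLE = {"method": "POST", "host": "security-microsoft.com", "headers": {
    "Content-Length": "0",
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)",
    "X-Constructed": base64.b64encode(b"host=EXAMPLE-PC;os=Windows 10").decode(),
}}
```

An empty-body POST alone is common in benign traffic; the combination with a brand-lookalike host and decodable data outside the body is what makes a record stand out.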

The objective of ViperSoftX is to steal the following data from compromised systems:

  • System and hardware details
  • Cryptocurrency wallet data from browser extensions like MetaMask, Ronin Wallet, and many others
  • Clipboard contents

ViperSoftX checking the browser extensions
Source: Trellix

Trellix says that ViperSoftX has refined its evasion tactics and has become a bigger threat. By integrating CLR to execute PowerShell inside AutoIt, the malware manages to run malicious functions while evading security mechanisms that typically catch standalone PowerShell activity.

The researchers describe the malware as a sophisticated and agile modern threat that can be thwarted with “a comprehensive defense strategy that encompasses detection, prevention, and response capabilities.”

Copyright for syndicated content belongs to the linked Source : BleepingComputer – https://www.bleepingcomputer.com/news/security/vipersoftx-malware-covertly-runs-powershell-using-autoit-scripting/
