ViperSoftX Malware Distributed by Arabic-Speaking Threat Actor
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
An Arabic-speaking threat actor has been distributing ViperSoftX malware to Korean victims since April 1, 2025. The malware, typically spread through cracked software or torrents, operates as a PowerShell script and communicates with C&C servers. The campaign involves downloading additional malware, including a VBS downloader, malicious PowerShell script, PureCrypter, and Quasar RAT. The attackers use Arabic comments in their code and employ various techniques to evade detection, such as adding Windows Defender exception paths. The PowerShell downloader ensures administrator privileges and bypasses security software. PureCrypter, a commercial .NET packer, is used as a downloader, while Quasar RAT provides remote access capabilities. Users are advised to avoid downloading software from torrent sites and to keep their antivirus solutions updated to prevent infection.
OPENCTI LABELS:
powershell, purecrypter, evasion techniques, vipersoftx, quasar rat, vbs, c&c communication, arabic-speaking