
ViperSoftX Malware Distributed by Arabic-Speaking Threat Actor

· Published 10/04/2025 18:50 · Modified 10/04/2025 20:12


Essential information

Tags
2025-04-10 arabic-speaking c&c communication evasion techniques powershell purecrypter quasar rat vbs vipersoftx
Related entities
13 techniques (mitre), 3 malware

Description

An Arabic-speaking threat actor has been distributing malware to Korean victims since April 1, 2025. The malware, typically spread through cracked software or torrents, operates as a script and communicates with C&C servers. The campaign involves downloading additional malware, including a downloader, malicious script, , and . The attackers use Arabic comments in their code and employ various techniques to evade detection, such as adding Windows Defender exception paths. The downloader ensures administrator privileges and bypasses security software. , a commercial .NET packer, is used as a downloader, while provides remote access capabilities. Users are advised to avoid downloading software from torrent sites and to keep their antivirus solutions updated to prevent infection.
