The listings featured on this site are from companies from which this site receives compensation, and some are co-owned by our parent company. This influences the rank and manner in which listings are presented.
The How To Guide was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: Holiday.com, ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on The How To Guide are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Password Managers Targeted by ViperSoftX Malware

By Keira Waddell, Former Senior Writer. First published on May 02, 2023.

Cybersecurity researchers at Trend Micro have discovered a new version of the ViperSoftX information-stealing malware with a broader range of targets, including the password managers KeePass and 1Password. The malware was previously known to steal data from infected devices and install a malicious extension named VenomSoftX on the Chrome browser. The targeted browsers now also include Brave, Edge, Opera, and Firefox.

ViperSoftX was initially discovered in 2020 as a JavaScript-based remote access trojan and crypto hijacker. Avast reported a stronger version in November 2022. The malware typically arrives alongside software cracks, activators, or key generators, hiding within seemingly harmless software. Trend Micro reports that ViperSoftX targets both the consumer and enterprise sectors, with over 50% of the detected activity occurring in Australia, Japan, the US, India, Malaysia, Taiwan, Italy, and France.

Notably, the malware now searches for files linked with the browser extensions of 1Password and KeePass password managers, with the intent to steal the stored data. However, it isn’t entirely clear at this point how the malware would achieve this. Trend Micro told Bleeping Computer that it believes that if password managers are detected, the threat actors could breach them with yet-to-be-seen methods in later stages of the attack.

ViperSoftX can also steal from more cryptocurrency wallets than before. Targeted wallets include Blockchain, Binance, Kraken, eToro, Coinbase, Gate.io, Bitcoin, Delta, Exodus, Coin98, MetaMask, Enkrypt, and many more.

This latest iteration of ViperSoftX has strong anti-detection, anti-analysis, and stealth-boosting features, including DLL sideloading, byte mapping to encrypt its code, and a new communication blocker on web browsers that makes C2 infrastructure analysis and malicious traffic detection harder.

To safeguard against these kinds of attacks, it’s advised to avoid downloading illegal software cracks, activators, or key generators. They commonly contain various dangerous malware — not just ViperSoftX.

About the Author

Keira was a senior writer at The How To Guide. She is an experienced cybersecurity and tech writer dedicated to providing comprehensive insights on VPNs, online privacy, and internet censorship.
