+- Geeks for your information (https://www.geeks.fyi)
+-- Forum: Security (https://www.geeks.fyi/forumdisplay.php?fid=68)
+--- Forum: Security Vendors (https://www.geeks.fyi/forumdisplay.php?fid=87)
+---- Forum: Other Security Vendors (https://www.geeks.fyi/forumdisplay.php?fid=122)
+----- Forum: AhnLab (https://www.geeks.fyi/forumdisplay.php?fid=136)
+----- Thread: ASEC_ViperSoftX Malware Distributed by Arabic-Speaking Threat Actor (/showthread.php?tid=20786)
ASEC_ViperSoftX Malware Distributed by Arabic-Speaking Threat Actor - jasonX - 15 April 25
![[Image: WYlM66o.png]](https://i.imgur.com/WYlM66o.png)
ViperSoftX Malware Distributed by Arabic-Speaking Threat Actor
![[Image: OYfCidW.png]](https://i.imgur.com/OYfCidW.png)
AhnLab SEcurity intelligence Center (ASEC) uncovered that attackers, suspected to be Arabic speakers, have been distributing ViperSoftX malware targeting Korean victims since April 1, 2025. ViperSoftX is typically spread through cracked software or torrents, masquerading as legitimate programs.
Quote:The main characteristic of ViperSoftX is that it operates as a PowerShell script. During the C&C communication process, parameters such as “/api/”, “/api/v1”, “/api/v2”, “/api/v3/” are always included in the URI path. After the C&C communication process, additional malware is downloaded. In this particular campaign, while the initial distribution method of ViperSoftX remains unclear, the PowerShell and VBS code used for C&C communication contains Arabic comments, suggesting that the attacker is an Arabic speaker.
According to the AhnLab Smart Defense (ASD) infrastructure, the additional malware such as VBS downloader, malicious powershell script, PureCrypter (a downloader), and Quasar RAT are downloaded from ViperSoftX. The following information is identified during ViperSoftX C&C communication process....
Full Article_ ViperSoftX Malware Distributed by Arabic-Speaking Threat Actor
ASEC (AhnLab SEcurity intelligence Center)
Data and info derived from AhnLab with permission