
Does Eset protect against ViperSoftX?



Good question, since the TrendMicro article states that the malware checks for:

Quote

Lastly, ViperSoftX checks for a few installed and active antivirus products, namely:

  • Windows Defender
  • ESET

If all checks pass, the malware proceeds to decrypt the PowerShell code and starts downloading the main ViperSoftX routine. From there, the routine is its standard multistage download and execution routine.

https://www.trendmicro.com/en_us/research/23/d/vipersoftx-updates-encryption-steals-data.html

This implies it can bypass either. -EDIT- Also, the above statement is ambiguous. It could also mean that the malware won't run if either Eset or MD is installed.

I checked a few IOCs here: https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/d/vipersoftx-updates-encryption-steals-data/IOCs_ViperSoftX-updates-encryption-steals-data.txt including the PowerShell script and Eset didn't detect any of them at VirusTotal.

Edited by itman

Would have helped if I read the entire bleepingcomputer.com article first.

The malware won't execute if Eset is installed:

Quote

Upon arrival, the malware also checks for specific virtualization and monitoring tools like VMWare or Process Monitor and antivirus products like Windows Defender and ESET before it proceeds with the infection routine.


@itman Thank you for the link to TrendMicro. I read the article and it seems it comes in a crack/patch/keygen. I don't use these sorts of things. So that's quite reassuring.

I find it interesting that the malware doesn't proceed if only Eset or Defender is installed. Now it looks like no other AV package can detect/stop this malware. Not a long time ago I was using KeepassXC, but that did not feel good. So I switched to Bitwarden.
