Vipersoftx Malware

System
edited May 2023 in Lounge
[Discussion was mistakenly merged. Now split into a separate discussion again.]

Comments

  • schwim
    Community Member

    https://www.bleepingcomputer.com/news/security/vipersoftx-info-stealing-malware-now-targets-password-managers/

    Hello friends!

    I read this alarmist and under-informational article and thought I'd come and ask the experts.

    Is there anything to do other than don't click or install suspicious stuff?

    It seems it doesn't do anything to 1pass, it just looks for its existence and passes some clear text info back to c2.

    I saw that Avast software was catching the attempts to run the malware in question. I'm considering downloading their app, but I generally loathe antivirus software, having eschewed it for the last 30 years and sticking with just common sense and Windows baked-in stuff. And nothing on my Linux installs. It seems that less and less is being asked of the victim to run this stuff, though, so I'm reconsidering another layer of protection.

  • Hi there @schwim

    It's been said before but it bears repeating: If your computer is compromised by malware, all bets are off.

    We would always recommend that customers take advantage of (at least) the built-in anti-malware protection in their operating system, such as Windows Defender, and/or another anti-virus app if they want.

    > Is there anything to do other than don't click or install suspicious stuff?

    In direct answer to your question, "no". Where you said "don't click or install suspicious stuff" is exactly correct. Much of your defence against malware is by being careful about what you install and from where, even before any anti-malware protection is involved. You're the first link in the security chain, after all.

    If you think your computer might be running something it shouldn't be, you should immediately lock 1Password. Then, you should run an anti-malware scan and take any appropriate actions based on the results.

    If you have the slightest suspicion that your 1Password account details have been compromised, you should change your Secret Key and account password immediately through My Profile on 1Password.com, and Deauthorize any devices that might have been affected.

    I'll be here if you have any questions. :)

    — Grey

  • schwim
    Community Member

    Thanks very much for taking the time to reply, Grey. I ended up purchasing a year of Kaspersky at their discounted rate. I'll likely move to something else when their renewal triples the cost but I've got a year to figure out what I'll move to.

  • I'm happy that Grey was able to answer your question. 🙂

    -Dave

  • TOWS
    Community Member

    I have read Grey's post regarding this malicious software, but, after watching this video I learned that Vipersoftx Malware has now become more sophisticated and more prevalent than when it was first discovered three years ago. My machine is well (if not too) protected but it's still a HUGE concern.

    I assume that one would have to install some kind of browser extension or add-on to get infected (although I am aware there are other ways to get infected with malware on your PC, such as visiting "dodgy websites" or clicking random links, etc.). Given this, how can I tell if a 1Password update for the browser extension is legitimate and not this Vipersoftx Malware impersonating you?

    Also, I think I am correct in saying that Vipersoftx can only perform its nasty deeds on the browser extension, right? So, in theory, if I uninstalled the 1Password extension I would be safe from the threat? If this is the case, is 1Password working on releasing some kind of protection or countermeasure? Because uninstalling the extension would be so inconvenient for logging into websites etc.

  • Dave_1P
    edited May 2023

    @TOWS

    Thank you for your questions. The best defence against malware of this sort is to adopt good security practices. According to various cybersecurity organizations, this malware is mostly spread by users downloading cracked or illegal versions of software. A good way to avoid being infected is to always:

    1. Only download official versions of software from a developer's website or from a reputable app/web store.
    2. Keep operating system protections against malware turned on. For example, on macOS make sure that Gatekeeper is set to only allow applications from the "App Store and identified developers".
    3. Keep your system updated and don't run old unsupported versions of software. This is especially important for browsers, operating systems, and 1Password itself.

    You can also run anti-malware software for further protection. At a minimum, keep Windows Defender on if you're using Windows.

    Our team is continually evaluating how we can better protect your data locally on your device. We recently increased PBKDF2 hashing to 650,000 which helps protect you from a brute force attack that tries to guess your account password. And we use the native security features of each platform, such as Secure Input on macOS, to further protect your data as much as possible from malware and keyloggers.

    But, at the end of the day, once malware has control of your system 1Password is limited in how much it can protect you from it. That's why it's important to keep your system protected and to only use 1Password on devices that you know are safe.

    > So, in theory, if I uninstalled the 1Password extension I would be safe from the threat?

    Not necessarily. Without the extension you would likely be copying and pasting your passwords from the app thus exposing them to the system clipboard which potentially any other application (including malware) has access to.

    The best way to protect yourself is by being careful to always update your devices, to use a strong and secure account password, to not use illegal or cracked versions of software, to not download unexpected email attachments, to not click on links whose destination you're not sure of, and to always install apps and extensions from reputable sources.

    > how can I tell if a 1Password update for the browser extension is legitimate and not this Vipersoftx Malware impersonating you?

    Only install our extension from official browser web stores. The official web store version of our extension is developed and signed by us and is further reviewed by Apple/Mozilla/Google/Microsoft to verify that the extension is legitimate and safe to use. You can find our extension for all major browsers here: Get 1Password in your browser

    -Dave
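
Added example, not part of the thread and not 1Password's code: the reply above cites a PBKDF2 count of 650,000, and this Python example measures what one password guess costs at that count and how the increase compares with adding entropy to the password itself. PBKDF2-HMAC-SHA256, the salt, the 100,000 baseline and the entropy levels are assumptions or constructed values.

```python
import hashlib
import hmac
import math
import time

ITERATIONS = 650_000   # figure quoted in the reply above
BASELINE = 100_000     # constructed comparison point, not from the thread
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample salt
PRF = "sha256"         # assumption: the reply does not name the hash


def derive(password: str, iterations: int = ITERATIONS) -> bytes:
    """Stretch a password into a 32-byte key with PBKDF2-HMAC."""
    return hashlib.pbkdf2_hmac(PRF, password.encode("utf-8"), SALT, iterations, dklen=32)


def verify(candidate: str, stored: bytes, iterations: int = ITERATIONS) -> bool:
    """Re-derive and compare in constant time; every call pays one full derivation."""
    return hmac.compare_digest(derive(candidate, iterations), stored)


def seconds_per_guess(iterations: int, probe: int = 20_000) -> float:
    """Time a short run on this machine and scale linearly to `iterations`."""
    start = time.perf_counter()
    hashlib.pbkdf2_hmac(PRF, b"probe", SALT, probe, dklen=32)
    return (time.perf_counter() - start) / probe * iterations


def expected_years(entropy_bits: float, guess_seconds: float, workers: int = 1) -> float:
    """Average search time: half the guess space, split across `workers`."""
    return 2 ** (entropy_bits - 1) * guess_seconds / workers / (365.25 * 86_400)


def equivalent_bits(new_iterations: int, old_iterations: int) -> float:
    """Password-entropy bits that buy the same slowdown as the iteration increase."""
    return math.log2(new_iterations / old_iterations)


if __name__ == "__main__":
    cost = seconds_per_guess(ITERATIONS)
    print(f"one guess at {ITERATIONS:,} iterations: {cost:.3f} s on this CPU")
    print(f"vs {BASELINE:,}: worth {equivalent_bits(ITERATIONS, BASELINE):.2f} bits")
    for bits in (28, 40, 60):  # constructed entropy levels, weak to strong
        print(f"{bits}-bit password: ~{expected_years(bits, cost):.3g} years, one worker")
```

The iteration count scales the cost of each guess linearly, while every extra bit of password entropy doubles the number of guesses, which is why the reply pairs the higher count with advice to use a strong account password.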

  • TOWS
    Community Member

    @Dave_1P Thank you for your in-depth answer and reassurance. I appreciate your time and now feel I am better prepared.

  • I'm happy to help. 🙂

    -Dave

This discussion has been closed.