ViperSoftX, malware known for stealing cryptocurrency information, now uses Tesseract, an open-source OCR engine, on infected systems. Tesseract extracts text from images, and the malware scans the extracted strings for phrases related to passwords or cryptocurrency wallets. If a match is found, the malware exfiltrates the corresponding image. This builds on existing functionality such as remote command execution and adds a new technique for extracting sensitive data. Attackers are also using ViperSoftX to deploy additional malware strains, such as Quasar RAT and TesseractStealer. ViperSoftX combines remote access trojan (RAT) and information stealer functionality and targets Windows systems. It was initially distributed disguised as cracks or keygens, and it injects RAT malware for system control and an infostealer for cryptocurrency wallet addresses.
Source: GBHackers