www.trendmicro.com
23.56.204.250

URL: https://www.trendmicro.com/en_us/research/23/d/vipersoftx-updates-encryption-steals-data.html
Submission: On April 29 via api from TR — Scanned from DE

Text Content

Malware

ViperSoftX Updates Encryption, Steals Data

We observed cryptocurrency and information stealer ViperSoftX evading initial
loader detection and making its lure more believable by making the initial
package loader via cracks, keygens, activators, and packers non-malicious. We
also noted more sophisticated encryption and basic anti-analysis techniques,
such as byte remapping and web browser communication blocking.

By: Don Ovid Ladores April 24, 2023 Read time: 8 min (2106 words)


--------------------------------------------------------------------------------

ViperSoftX, a type of information-stealing software, has been primarily reported
as focusing on cryptocurrencies, making headlines in 2022 for its execution
technique of hiding malicious code inside log files. Since it was first
documented in November, we observed this malware campaign differentiating itself
from its previous iteration with the use of DLL sideloading for its arrival and
execution technique. We also noted that this update includes a more
sophisticated encryption method of byte remapping and a monthly change in
command-and-control (C&C) server. Without the correct byte map, the encrypted
shellcode, including all components and relevant data, cannot be correctly
decrypted, making decryption and analysis of the shellcode more time-consuming
for analysts.

We’ve noted a significant number of victims in the consumer and enterprise
sectors, with Australia, Japan, and the United States as the top three countries
affected by ViperSoftX in the consumer category. Meanwhile, victim organizations
from Southeast Asian countries comprised the enterprise sector.



Figure 1. Top 10 countries affected by ViperSoftX in both the consumer and
enterprise sectors
Source: Trend Micro™ Smart Protection Network™ (SPN)

Arrival routine

In the majority of cases, ViperSoftX arrives as a software crack, an
activator or a patcher, or a key generator (keygen). In blocking and detecting
these illicit software solutions, we have come to believe that the people behind
these kinds of software try to convince users looking for bootleg software
versions that these are not malicious and are simply flagged as “false
positives.” It is also a common gimmick for cybercriminals to disguise malware
as a keygen or an activator. Actors behind ViperSoftX take this narrative a step
further by using actual non-malicious software to hide and pose as typical
illegal software versions. ViperSoftX uses these files as “carriers” of the main
malware encrypted within the overlay.

While the malicious actors neither abuse any specific software nor target any
specific applications, they commonly use multimedia editors or video format
converters, cryptocurrency coinminer apps, phone-related desktop apps, and
system cleaner apps. Through all the samples we analyzed, we consistently
observed the following binary carriers:

 1. gup.exe from Notepad++
 2. firefox.exe from Tor
 3. ErrorReportClient.exe from Magix, a type of multimedia-editing software 

Figure 2. Typical arrival package of the malware

The malware arrives as a package of the carrier executable and the
decryptor/loader DLL, typically downloaded from the websites or torrents of
(illegal) software solutions. For the most part, the malware is posed as a
software activator, patcher, or keygen, among other similar software
executables. The malicious routine starts after the software executables have
been included and run in the system.

We also noticed that ViperSoftX’s primary C&C servers for the second stage
download would change on a monthly basis:

 * February: chatgigi2[.]com
 * March: arrowlchat[.]com
 * April: static-cdn-349[.]net

Infection routine

Figure 3. Execution flow of ViperSoftX

ViperSoftX first checks for a few virtualization strings and monitoring tools to
determine whether the system is running a virtual machine (VM). Using the WQL
command SELECT Manufacturer, Model FROM Win32_ComputerSystem to query
ROOT\CIMV2, it checks for the following strings:

 * VMWare
 * Virtual

The malware checks whether monitoring tools, specifically Process Monitor, are
running on the current machine by looking for the following strings:

 * procmon
 * procmon64
 * procmon64a

Lastly, ViperSoftX checks for a few installed and active antivirus products,
namely:

 * Windows Defender
 * ESET

If all checks pass, the malware proceeds to decrypt the PowerShell code and
starts downloading the main ViperSoftX routine. From there, the routine is its
standard multistage download and execution routine.

Figure 4. Execution of the first-stage PowerShell downloader after passing
through blacklisting

Unique encryption

Byte mapping is a considerably simple technique. It does not require any complex
computations, and the only operation it requires is to put the correct byte in
the correct location. For their part, cybercriminals benefit from this malware
as it reduces the presence and actions made by a large graph of objects.

Unlike the bitwise operations of typical decryption routines, ViperSoftX uses
byte remapping to ensure that the shellcode cannot be easily decrypted without
the correct byte map, weaving a cross-stitch template to the palette of 256
(0x100) bytes. Though this is a very rigid method of hiding its code, it
provides some level of protection against forced decryption.



Figure 5. Comparison of two ViperSoftX carrier executables with byte remapping.
Note: Each byte of the encrypted section is a specific index into the byte map
found in the sideloaded DLL. Comparing the mapping of the first four bytes on
two samples shows that their offsets within the encrypted region remain the same
since they result in a similar shellcode even if they are composed of different
bytes per binary.

When the screenshots of the two carrier executables are compared, the number (or
code) changed but the location/offset remains the same. The same is true for all
the other bytes. While analysts will see the pattern of the arrangement, it is
unlikely that they would be able to decrypt this without the correct sequence of
bytes used in the mapping. If this pattern were a text or a string, it would not
be difficult to apply brute force. However, considering this is a byte character
(with 256 different bytes) and an assembly code instruction at that,
brute-forcing it is unlikely to yield correctly decrypted results.

We have also found that each sideloader DLL has its own pair of executable and
byte map, and a decryption attempt returns an incorrectly rearranged shellcode
if used with another ViperSoftX-related executable. This ensures that the
shellcode will not be decrypted without the correct DLL since the latter
contains the correct byte map. Moreover, all the strings, binaries, and other
relevant data within the ViperSoftX DLL are also decrypted the same way.
Afterward, the shellcode decrypts and loads the main ViperSoftX DLL embedded
within the carrier.

Figure 6. ViperSoftX DLL containing the hard-coded byte map (256 bytes long
denoting specific bytes from “0x00” to “0xff”)
Figure 7. The actual bytes of the decrypted shellcode

This technique for encryption-decryption is not new but is mostly popular with
script malware. As of this writing, the most recent piece of malware that uses
this technique is the JavaScript- or Windows Scripting File-packed Magniber
ransomware. Because the former is a type of script malware, however, the
technique is more easily discernible during analysis: both the encrypted data
and the mapping are in the same file. In contrast, our ViperSoftX sample is a
full binary file, so the table becomes harder to find. Furthermore, since the
data to be decrypted is in another file, the routine becomes even more difficult
to investigate, as analysts would need the correct pair for decryption.
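
The following Python sketch is an added example for analysts, not code from Trend Micro or from any ViperSoftX sample. It decodes a region with a 256-byte map, shows that two carriers keep the same repetition pattern at the same offsets, and scans a binary blob for candidate byte maps. It assumes the map holds each value 0x00 to 0xff exactly once and that a decoded byte is the map entry indexed by the encrypted byte; the maps, the "DLL" blob, and the plaintext are constructed sample data.

```python
"""Byte-map decoding and byte-map hunting (added example, constructed data)."""

MAP_LEN = 256


def is_byte_map(table: bytes) -> bool:
    """True if table is 256 bytes long and holds every value 0x00..0xff once."""
    return len(table) == MAP_LEN and len(set(table)) == MAP_LEN


def remap(data: bytes, table: bytes) -> bytes:
    """Decode data: each encrypted byte is used as an index into the byte map."""
    if not is_byte_map(table):
        raise ValueError("byte map must hold each value 0x00..0xff exactly once")
    return data.translate(table)


def find_byte_maps(blob: bytes) -> list[int]:
    """Return offsets of every 256-byte window that is a full permutation.

    Sliding-window count, O(len(blob)). Hits are candidates only: any other
    lookup table with 256 distinct bytes matches too.
    """
    hits, counts, distinct = [], [0] * MAP_LEN, 0
    for i, value in enumerate(blob):
        if counts[value] == 0:
            distinct += 1
        counts[value] += 1
        if i >= MAP_LEN:  # drop the byte that just left the window
            old = blob[i - MAP_LEN]
            counts[old] -= 1
            if counts[old] == 0:
                distinct -= 1
        if i >= MAP_LEN - 1 and distinct == MAP_LEN:
            hits.append(i - MAP_LEN + 1)
    return hits


def pattern(data: bytes) -> list[int]:
    """Offset of the first occurrence of each byte: the structure a
    substitution leaves visible even when the map is unknown."""
    first_seen = {}
    return [first_seen.setdefault(value, i) for i, value in enumerate(data)]


# ---- Constructed sample data (hypothetical, not taken from real samples) ----

def affine_map(mul: int, add: int) -> bytes:
    """Build a permutation of 0..255; mul must be odd for this to be one."""
    return bytes((mul * i + add) % MAP_LEN for i in range(MAP_LEN))


def build_sample(plain: bytes, table: bytes) -> bytes:
    """Produce the encoded region that remap(..., table) turns back into plain."""
    inverse = bytearray(MAP_LEN)
    for index, value in enumerate(table):
        inverse[value] = index
    return plain.translate(bytes(inverse))


MAP_A = affine_map(167, 13)    # stands in for the map in sideloaded DLL "A"
MAP_B = affine_map(91, 200)    # stands in for the map in sideloaded DLL "B"
PLAIN = b"CONSTRUCTED stand-in for the decrypted bytes"
CARRIER_A = build_sample(PLAIN, MAP_A)
CARRIER_B = build_sample(PLAIN, MAP_B)
DLL_A = bytes(64) + MAP_A + bytes(32)  # map embedded at offset 64


if __name__ == "__main__":
    print("candidate map offsets in DLL_A:", find_byte_maps(DLL_A))
    print("A with map A:", remap(CARRIER_A, MAP_A))
    print("A with map B:", remap(CARRIER_A, MAP_B))
    print("same pattern:", pattern(CARRIER_A) == pattern(CARRIER_B))
```

A candidate offset from `find_byte_maps` still has to be confirmed by decoding the paired carrier's region and checking that the output disassembles sensibly.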

Password theft

Since it was first documented, ViperSoftX has been known as a cryptocurrency
stealer. However, we found from our investigations that ViperSoftX can check not
only for cryptocurrencies but also for a few password managers. It also uses
some basic anti-C&C analyses by disallowing communications using web browsers.

Figure 8. Response when accessing the C&C via web browsers (top), and modifying
the user-agent to access the C&C and return encoded data (bottom)

It still downloads a PowerShell code (the main ViperSoftX script) to crawl
through different paths in the system for cryptocurrency wallets. ViperSoftX
scans for these cryptocurrency wallets in local directories:

 * Armory
 * Atomic Wallet
 * Binance
 * Bitcoin
 * Blockstream Green
 * Coinomi
 * Delta
 * Electrum
 * Exodus
 * Guarda
 * Jaxx Liberty
 * Ledger Live
 * Trezor Bridge

The malware also checks for the following wallets via browser extensions:


 * Binance
 * Coin98
 * Coinbase
 * Jaxx Liberty
 * MetaMask
 * Mew CX (now Enkrypt)

Install browser components:


 * Brave Browser
 * Chrome
 * Firefox
 * Microsoft Edge
 * Opera

The updated version of ViperSoftX includes a check mechanism for two password
managers, namely KeePass 2 and 1Password. Noting the malware’s capability to
scan KeePass, we looked into the possible abuse of the KeePass security gap
CVE-2023-24055, which forces the application to dump stored passwords in plain
text (a feature already disabled in recent patches and versions). According to
our investigation, although there are low numbers of victims related to the
exploit, the said detections do not appear related to ViperSoftX victims.

Figure 9. PowerShell code searching for the browser link files to inject a
command line and load malicious extensions
Figure 10. ViperSoftX scanning browser extensions and directories for wallets
and password managers

Victims affected: Consumers and businesses alike

Due to the nature of its arrival technique, we primarily assumed that the
targets and victims would be regular users. However, we were surprised to see
that the enterprise sector made up over 40% of the total number of victims. It
is also notable that the leading countries and regions affected by the malware
campaign are Australia and Japan with almost the same numbers, while the US came
in at a close third with almost half as many victims at the consumer level. On
the other hand, the majority of the affected enterprise sector can be found in
Asia.



Figure 11. Top 10 countries affected by ViperSoftX malware in the enterprise
(top) and consumer (bottom) sectors
Source: Trend Micro Smart Protection Network (SPN)

Conclusion and insights

While other cybercriminals use sideloading to load another non-binary component
(usually the encrypted payload, which comes together as a package with the
normal executable and the sideloaded DLL), the chosen techniques of the actors
behind ViperSoftX (which involve using WMI Query Language (WQL), DLL
sideloading/DLL load order hijacking, PowerShell reflective loading, browser
hijacking, and C&C protection) are sophisticated.

The cybercriminals behind ViperSoftX are also skilled enough to execute a
seamless chain for malware execution while staying under the radar of
authorities by selecting one of the most effective methods for delivering
malware to consumers. Although we have observed some changes throughout their
campaigns, the pace of ViperSoftX’s development can be considered slow compared
to other types of stealer malware.

The group behind this malware has been doing this for a number of years, and it
knows its target systems based on the simultaneous use of techniques to steal
cryptocurrencies and passwords. In this respect, we believe there are actually
at least two groups responsible for this ViperSoftX campaign based on the
malware’s C&C communication. As the first set of players, the main group is
responsible for the deployments. On the other hand, considering the monthly
change of C&C servers and communication exchange, we believe in the possibility
of another group involved based on the different coding or C&C scheme.
ViperSoftX uses a domain-generating algorithm (DGA) to hide its C&C server and
generate useless traffic. From the DGA technique, we observed that the majority
of the activities are dominated by the main group, which utilizes a simple DGA.
However, there are a number of activities that appear to use a different DGA. We
do not discount the possibility that these can either be older samples or
different operators entirely.

While ViperSoftX appears to be targeting consumers considering its chosen means
for entry, we found it interesting that it also affects the business sector. One
possible theory behind why businesses are affected by this campaign has to do
with recent layoffs and possible budget cuts. While some users might be looking
to freelance and upend their incomes while in between jobs, others might have
been prompted to download tools from unofficial platforms to “save costs” and
circumvent tools not found in office-issued devices. Nonetheless, we strongly
recommend that users download the software and applications they need from
official platforms. Cracks and other illegally owned software will only work for
certain periods since the majority of license verification methods are now done
in the cloud. If features such as updates to circumvent the replacement of cracks
or patches are disabled, users would then be putting their respective systems at
greater risk of attacks or infections.

Here are some additional recommendations to prevent the risks of infection from
malware types like ViperSoftX:

 * Download software and applications from official platforms and sources.
 * Instead of downloading illegal software, choose alternative freeware
   solutions from reputable sources and platforms.
 * Download security solutions that can detect and block malicious components in
   seemingly legitimate and non-malicious software and applications.

Trend Micro solutions

Trend Micro customers are protected from threats like ViperSoftX with Trend
Micro Vision One™, which provides multilayered protection and behavior
detection, thereby blocking questionable behavior and tools before a piece of
malware can do any damage. Implementing a multifaceted approach can aid
organizations in securing potential entry points into their systems such as
endpoint, email, web, and network. With the help of security solutions that can
identify malevolent elements and questionable activities, enterprises can be
safeguarded via automated protection while also ensuring that no significant
incidents go unnoticed.

Indicators of Compromise (IOCs)

The list of IOCs can be downloaded here.

Tags
Malware | Endpoints | Cyber Crime | Articles, News, Reports | Cyber Threats


AUTHORS

 * Don Ovid Ladores
   
   Threats Analyst

    light, dark, inverted, and monochrome. Additionally, users can swap color
    schemes of titles, texts, and backgrounds with over seven different coloring
    options.
 3. Animations – epileptic users can stop all running animations with the click
    of a button. Animations controlled by the interface include videos, GIFs,
    and CSS flashing transitions.
 4. Content highlighting – users can choose to emphasize essential elements such
    as links and titles. They can also choose to highlight focused or hovered
    elements only.
 5. Audio muting – users with hearing devices may experience headaches or other
    issues due to automatic audio playing. This option lets users mute the
    entire website instantly.
 6. Cognitive disorders – we utilize a search engine linked to Wikipedia and
    Wiktionary, allowing people with cognitive disorders to decipher meanings of
    phrases, initials, slang, and others.
 7. Additional functions – we allow users to change cursor color and size, use a
    printing mode, enable a virtual keyboard, and many other functions.

Assistive technology and browser compatibility

We aim to support as many browsers and assistive technologies as possible, so
our users can choose the best fitting tools for them, with as few limitations as
possible. Therefore, we have worked very hard to be able to support all major
systems that comprise over 95% of the user market share, including Google
Chrome, Mozilla Firefox, Apple Safari, Opera and Microsoft Edge, JAWS, and NVDA
(screen readers), both for Windows and MAC users.

Notes, comments, and feedback

Despite our very best efforts to allow anybody to adjust the website to their
needs, there may still be pages or sections that are not fully accessible, are
in the process of becoming accessible, or are lacking an adequate technological
solution to make them accessible. Still, we are continually improving our
accessibility, adding, updating, improving its options and features, and
developing and adopting new technologies. All this is meant to reach the optimal
level of accessibility following technological advancements. If you wish to
contact the website’s owner, please use the website's form
