Watch out as Purple Fox malware with worm module hits Windows

According to researchers, Purple Fox malware attacks intensified significantly, and it has launched a total of 90,000 attacks since May 2020.

First detected in 2018, the Purple Fox malware was distributed via phishing emails and exploit kits. At the time, it managed to infect around 30,000 devices. Previously it could deploy other malware strains and was primarily used as a downloader.


As per the latest Guardicore Labs report, this malware has resurfaced with a worm module that lets it scan and infect internet-connected Windows systems. Hence the infection spreads from computer to computer.


According to researchers, the malware now exploits memory-corruption and privilege-escalation flaws to infect systems through web browsers. Apart from its rootkit and backdoor capabilities, the new version also brute-forces SMB credentials to infect systems.


How Purple Fox Malware Targets Systems


Purple Fox malware breaks into a machine via a vulnerable or exposed Server Message Block (SMB) service, or another similarly exposed service, to gain an initial foothold and persistence. It then pulls the payload from a network of Windows servers and quietly installs the rootkit.


After establishing the infection, it blocks multiple ports, including 445, 139, and 135, to prevent the machine from being exploited by another attacker or re-infected. Once this is done, it initiates the propagation process by generating IP ranges and scanning them on port 445.
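The propagation behaviour described above, an infected host sweeping generated IP ranges on port 445, leaves a distinctive footprint in connection logs: one source contacting many distinct peers on TCP/445 in a short window, where a normal workstation talks SMB to a handful of file servers. The script below is an added defender-side example, not code from the article or from Guardicore Labs. It works over constructed flow records (the hosts, addresses and timestamps are made up for the demo), flags sources that exceed a distinct-peer threshold within a sliding window, and summarizes the scanned addresses into CIDR blocks so a range sweep is obvious in the alert. The threshold and window values are assumptions to tune per environment.

```python
"""Flag hosts that sweep many peers on TCP/445 within a short time window.

Added defender-side example. The flow records are constructed for the demo and
are not data from the Guardicore report or the article.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

SMB_PORT = 445
DISTINCT_DST_THRESHOLD = 20      # assumed: distinct peers on 445 within WINDOW
WINDOW = timedelta(seconds=60)   # assumed: sliding window length


def build_sample_flows():
    """Return constructed flow lines in the form 'ISO-timestamp src dst dport'."""
    base = datetime(2021, 3, 24, 10, 0, 0)
    lines = []
    # Host A sweeps a contiguous slice of 10.0.1.0/24 on 445, one peer per second.
    for i in range(1, 31):
        ts = base + timedelta(seconds=i)
        lines.append(f"{ts.isoformat()} 10.0.0.5 10.0.1.{i} {SMB_PORT}")
    # Host B is an ordinary workstation: repeated SMB to one file server plus HTTPS.
    for i in range(25):
        ts = base + timedelta(seconds=i)
        lines.append(f"{ts.isoformat()} 10.0.0.7 10.0.2.10 {SMB_PORT}")
        lines.append(f"{ts.isoformat()} 10.0.0.7 198.51.100.10 443")
    return "\n".join(lines)


def parse_flows(text):
    """Parse flow lines into (timestamp, src, dst, dport) tuples."""
    records = []
    for line in text.strip().splitlines():
        ts, src, dst, dport = line.split()
        records.append((datetime.fromisoformat(ts), src, dst, int(dport)))
    return records


def detect_smb_sweeps(records, threshold=DISTINCT_DST_THRESHOLD, window=WINDOW):
    """Return {src: sorted distinct dst} for every source that contacted at
    least `threshold` distinct peers on port 445 inside some `window`."""
    by_src = defaultdict(list)
    for ts, src, dst, dport in records:
        if dport == SMB_PORT:
            by_src[src].append((ts, dst))

    alerts = {}
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end, (ts_end, _) in enumerate(events):
            # Slide the window start forward so events[start:end+1] spans <= window.
            while ts_end - events[start][0] > window:
                start += 1
            distinct = {dst for _, dst in events[start:end + 1]}
            if len(distinct) >= threshold:
                alerts[src] = sorted(distinct, key=ipaddress.ip_address)
                break   # first window that trips the threshold is enough for an alert
    return alerts


def summarize_targets(addrs):
    """Collapse scanned IPs into the CIDR blocks covering min..max, which makes
    a sequential range sweep visible at a glance in an alert."""
    lo = ipaddress.ip_address(min(addrs, key=ipaddress.ip_address))
    hi = ipaddress.ip_address(max(addrs, key=ipaddress.ip_address))
    return [str(net) for net in ipaddress.summarize_address_range(lo, hi)]


if __name__ == "__main__":
    found = detect_smb_sweeps(parse_flows(build_sample_flows()))
    for src, targets in found.items():
        print(f"{src}: {len(targets)} peers on 445, range {summarize_targets(targets)}")
```

Pair this with an inventory check on the ports the article says the malware closes: a host that suddenly sports local firewall rules blocking inbound 445, 139 and 135 while simultaneously initiating outbound 445 sweeps is a far stronger signal than either observation alone.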

It uses the probe to single out vulnerable devices over the internet, such as those with weak passwords, and using brute-force, it traps them into a botnet. It is not yet clear whether the attackers want to use the botnet in