Jeremys
Essential
- Joined
- 28.09.20
- Messages
- 75
- Reaction score
- 238
- Points
- 18
The malware received a worm-like module that allows you to scan and infect Windows-based systems available on the Network during attacks.
The Purple Fox malware, which was previously distributed using exploit kits and phishing emails, has now released a worm-like module. The new feature allows malware to scan and attack Windows-based systems available on the Network during attacks.
The Purple Fox malware was first detected in 2018 after infecting more than 30,000 devices. The malware has rootkit and backdoor capabilities and is used as a loader for other malware. According to security researchers from Guardicore Labs, since May 2020, the number of Purple Fox attacks has increased by 600%, reaching a figure of 90 thousand attacks.
According to the Guardicore Global Sensors Network (GGSN) telemetry, active port scanning and malware attempts began late last year. After detecting a vulnerable Windows system on the Network, the new Purple Fox module performs a brute force attack via the Server Message Block (SMB) protocol.
According to experts, at present, Purple Fox operators have deployed their malware on almost 2 thousand hacked servers. Affected devices include systems running Windows Server, servers running Microsoft RPC, Microsoft SQL Server 2008 R2, and Microsoft HTTPAPI httpd 2.0, as well as Microsoft Terminal Service.
Before restarting infected devices and ensuring persistence, Purple Fox also installs a module that uses an open-source hidden rootkit to hide deleted Windows files, folders, and registry entries created on infected systems. After starting the rootkit and restarting the device, the malware renames the payload of its DLL library according to the Windows system DLL and configures it to run when the system is turned on.
The Purple Fox malware, which was previously distributed using exploit kits and phishing emails, has now released a worm-like module. The new feature allows malware to scan and attack Windows-based systems available on the Network during attacks.
The Purple Fox malware was first detected in 2018 after infecting more than 30,000 devices. The malware has rootkit and backdoor capabilities and is used as a loader for other malware. According to security researchers from Guardicore Labs, since May 2020, the number of Purple Fox attacks has increased by 600%, reaching a figure of 90 thousand attacks.
According to the Guardicore Global Sensors Network (GGSN) telemetry, active port scanning and malware attempts began late last year. After detecting a vulnerable Windows system on the Network, the new Purple Fox module performs a brute force attack via the Server Message Block (SMB) protocol.
According to experts, at present, Purple Fox operators have deployed their malware on almost 2 thousand hacked servers. Affected devices include systems running Windows Server, servers running Microsoft RPC, Microsoft SQL Server 2008 R2, and Microsoft HTTPAPI httpd 2.0, as well as Microsoft Terminal Service.
Before restarting infected devices and ensuring persistence, Purple Fox also installs a module that uses an open-source hidden rootkit to hide deleted Windows files, folders, and registry entries created on infected systems. After starting the rootkit and restarting the device, the malware renames the payload of its DLL library according to the Windows system DLL and configures it to run when the system is turned on.