Purple Fox EK Adds Microsoft Exploits to Arsenal (Security News, July 2020)
The Purple Fox exploit kit has added two new exploits targeting critical- and high-severity Microsoft vulnerabilities to its bag of tricks - and researchers say they expect more attacks to be added in the future.
The Purple Fox EK was previously analyzed in September, when researchers said that it appears to have been built to replace the Rig EK in the distribution chain of Purple Fox malware, which is a trojan/rootkit.
Purple Fox previously used exploits targeting older Microsoft flaws, including ones tracked as CVE-2018-8120 and CVE-2015-1701.
By building their own EK for distribution, the authors of the Purple Fox malware have been able to save money by no longer paying for the Rig EK. This shows that the attackers behind the Purple Fox malware are taking a "professional approach" by looking to save money and keep their product current, researchers said.
"In essence, the authors behind the Purple Fox malware decided to bring development 'in-house' to reduce costs, just like many legitimate businesses do. Bringing the distribution mechanism 'in-house' also enables greater control over what the EK actually loads."
News URL
https://threatpost.com/microsoft-exploits-purple-fox-ek/157157/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-05-09 | CVE-2018-8120 | Improper Resource Shutdown or Release vulnerability in Microsoft Windows 7 and Windows Server 2008. An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. | 7.0 |
2015-04-21 | CVE-2015-1701 | Unspecified vulnerability in Microsoft products. Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in April 2015, aka "Win32k Elevation of Privilege Vulnerability." | 7.8 |