Security News > 2020 > July > Purple Fox EK Adds Microsoft Exploits to Arsenal

Purple Fox EK Adds Microsoft Exploits to Arsenal
2020-07-06 15:21

The Purple Fox exploit kit has added two new exploits targeting critical- and high-severity Microsoft vulnerabilities to its bag of tricks - and researchers say they expect more attacks to be added in the future.

The Purple Fox EK was previously analyzed in September, when researchers said that it appears to have been built to replace the Rig EK in the distribution chain of Purple Fox malware, which is a trojan/rootkit.

Purple Fox previously used exploits targeting older Microsoft flaws, including ones tracked as CVE-2018-8120 and CVE-2015-1701.

By building their own EK for distribution, the authors of the Purple Fox malware have been able to save money by no longer paying for the Rig EK. This shows that the attackers behind the Purple Fox malware are taking a "Professional approach" by looking to save money and keep their product current, researchers said.

"In essence, the authors behind the Purple Fox malware decided to bring development 'in-house' to reduce costs, just like many legitimate businesses do. Bringing the distribution mechanism 'in-house' also enables greater control over what the EK actually loads."


News URL

https://threatpost.com/microsoft-exploits-purple-fox-ek/157157/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2018-05-09 CVE-2018-8120 Improper Resource Shutdown or Release vulnerability in Microsoft Windows 7 and Windows Server 2008
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2.
local
high complexity
microsoft CWE-404
7.0
2015-04-21 CVE-2015-1701 Unspecified vulnerability in Microsoft products
Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in April 2015, aka "Win32k Elevation of Privilege Vulnerability."
local
low complexity
microsoft
7.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 365 50 1369 2820 161 4400