Purple Fox Malware Squirms Like a Worm on Windows
2021-03-23 20:37

Malware hunters at Guardicore are warning that an aggressive botnet operator has turned to SMB password brute-forcing to infect and spread like a worm across the Microsoft Windows ecosystem.

The malware campaign, dubbed Purple Fox, has been active since at least 2018, and the discovery of the new worm-like infection vector is yet another sign that consumer-grade malware continues to reap profits for cybercriminals.

According to Guardicore researcher Amit Serper, the Purple Fox operators primarily used exploit kits and phishing emails to build botnets for crypto-mining and other nefarious uses.

"Throughout the end of 2020 and the beginning of 2021, Guardicore Global Sensors Network detected Purple Fox's novel spreading technique via indiscriminate port scanning and exploitation of exposed SMB services with weak passwords and hashes," Serper explained.

The company found the campaign spreading via two distinct mechanisms: the worm payload is delivered after a victim machine is compromised through a vulnerable exposed service, or it is sent via email through a phishing campaign.

Ryan has built security engagement programs at major global brands, including Intel Corp., Bishop Fox and Kaspersky GReAT. He is a co-founder of Threatpost and the global SAS conference series.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/w-pskMTDmDI/purple-fox-malware-squirms-worm-windows