Purple Fox Malware Targets Windows Machines With New Worm Capabilities (Security News, March 2021)
Malware that has historically targeted exposed Windows machines through phishing and exploit kits has been retooled to add new "worm" capabilities.
Purple Fox, which first appeared in 2018, is an active malware campaign that until recently required user interaction or some kind of third-party tool to infect Windows machines.
"Guardicore Labs have identified a new infection vector of this malware where internet-facing Windows machines are being breached through SMB password brute force," Guardicore Labs' Amit Serper said.
In addition to these new worm capabilities, Purple Fox malware now also includes a rootkit that allows the threat actors to hide the malware on the machine and make it difficult to detect and remove, he said.
Researchers analyzed Purple Fox's latest activity and found two significant changes to how attackers are propagating malware on Windows machines.
Purple Fox is only the latest malware to be retooled with "worm" capabilities; other malware families like the Rocke Group and the Ryuk ransomware have also added self-propagation functionality.
News URL
https://threatpost.com/purple-fox-malware-windows-worm/164993/