Security News > 2021 > March > Purple Fox Malware Targets Windows Machines With New Worm Capabilities

A malware that has historically targeted exposed Windows machines through phishing and exploit kits has been retooled to add new "Worm" capabilities.
Purple Fox, which first appeared in 2018, is an active malware campaign that until recently required user interaction or some kind of third-party tool to infect Windows machines.
"Guardicore Labs have identified a new infection vector of this malware where internet-facing Windows machines are being breached through SMB password brute force," Guardicore Labs' Amit Serper said.
In addition to these new worm capabilities, Purple Fox malware now also includes a rootkit that allows the threat actors to hide the malware on the machine and make it difficult to detect and remove, he said.
Researchers analyzed Purple Fox's latest activity and found two significant changes to how attackers are propagating malware on Windows machines.
Purple Fox is only the latest malware to be retooled with "Worm" capabilities - other malware families like the Rocke Group and the Ryuk ransomware have also added self-propagation functionalities.
News URL
https://threatpost.com/purple-fox-malware-windows-worm/164993/