Security News > 2022 > January > Purple Fox malware distributed via malicious Telegram installers
A malicious Telegram for Desktop installer distributes the Purple Fox malware to install further malicious payloads on infected devices.
The installer is a compiled AutoIt script named "Telegram Desktop.exe" that drops two files: an actual Telegram installer and a malicious downloader.
The legitimate Telegram installer dropped alongside the downloader is never executed; the AutoIt program runs only the downloader.
The purpose of these extra files is to collectively block the initiation of 360 AV processes and prevent the detection of Purple Fox on the compromised machine.
Disabling the antivirus permits Purple Fox to perform malicious functions such as file search and exfiltration, process killing, deletion of data, downloading and running code, and even worming to other Windows systems.
At this time, it is unknown how the malware is being distributed, but similar malware campaigns impersonating legitimate software were distributed via YouTube videos, forum spam, and shady software sites.