Security News > 2022 > January > Beware of Fake Telegram Messenger App Hacking PCs with Purple Fox Malware

Trojanized installers of the Telegram messaging application are being used to distribute the Windows-based Purple Fox backdoor on compromised systems.

First discovered in 2018, Purple Fox comes with rootkit capabilities that allow the malware to be planted beyond the reach of security solutions and evade detection.

Then in October 2021, Trend Micro researchers uncovered a.NET implant dubbed FoxSocket deployed in conjunction with Purple Fox that takes advantage of WebSockets to contact its command-and-control servers for a more secure means of establishing communications.

"The rootkit capabilities of Purple Fox make it more capable of carrying out its objectives in a stealthier manner," the researchers noted.

Subsequently, the downloaded files proceed to block processes associated with different antivirus engines, before advancing to the final stage that results in the download and execution of the Purple Fox rootkit from a now-shut down remote server.

"We found a large number of malicious installers delivering the same Purple Fox rootkit version using the same attack chain," Zargarov said.

News URL

https://thehackernews.com/2022/01/beware-of-fake-telegram-messenger-app.html