Security News

A malware that has historically targeted exposed Windows machines through phishing and exploit kits has been retooled to add new "Worm" capabilities. Purple Fox, which first appeared in 2018, is an active malware campaign that until recently required user interaction or some kind of third-party tool to infect Windows machines.

Purple Fox, a Windows malware previously known for infecting machines by using exploit kits and phishing emails, has now added a new technique to its arsenal that gives it worm-like propagation capabilities. Msi" payloads hosted on nearly 2,000 compromised Windows servers that, in turn, download and execute a component with rootkit capabilities, which enables the threat actors to hide the malware on the machine and make it easy to evade detection.

Purple Fox, a malware previously distributed via exploit kits and phishing emails, has now added a worm module that allows it to scan for and infect Windows systems reachable over the Internet in ongoing attacks. Purple Fox's exploit kit module has also targeted Windows systems in the past [1, 2] to infect Windows users through their web browsers after exploiting memory corruption and elevation of privilege vulnerabilities.

Malware hunters at Guardicore are warning that an aggressive botnet operator has turned to SMB password brute-forcing to infect and spread like a worm across the Microsoft Windows ecosystem. The malware campaign, dubbed Purple Fox, has been active since at least 2018 and the discovery of the new worm-like infection vector is yet another sign that consumer-grade malware continues to reap profits for cybercriminals.

Lawrence Abrams is the owner and Editor in Chief of BleepingComputer.com. Lawrence's area of expertise includes malware removal and computer forensics.

Microsoft has shared a workaround for customers experiencing 0xc004c003 activation failures on Windows 10, version 2004 and 20H2 devices after installing the January 2021 monthly "C" release KB4598291 preview update. "This issue might occur when you try to activate the operating system with an OEM Activation 3.0 Digital Product Key," Microsoft explains.

The printer fixing roller coaster continues as Microsoft is once again rolling out the KB5001649 out-of-band update to users via Windows Update. After installing the March 2021 Patch Tuesday updates, users began reporting that Windows 10 would crash when printing or print jobs would be missing graphics elements, have blank pages, or other issues.

With the release of the latest Windows 10 preview 'Dev' build, Microsoft is offering a glimpse at some of the new features and changes they are developing. For those unfamiliar, Microsoft added a virtual desktops feature in the Windows 10 April 2018 Update, and it allows you to maintain different desktops for open apps, instances of Microsoft Word, etc.

Microsoft has paused the Windows 10 KB5001649 cumulative update rollout, likely due to installation issues and reported crashes. Microsoft is now offering the previously released KB5001567 emergency update instead. The March 2021 updates have been a complete mess when printing, with update after update causing new issues to arise.

Project Zero, Google's zero-day bug-hunting team, discovered a group of hackers that used 11 zero-days in attacks targeting Windows, iOS, and Android users within a single year. The Project Zero team revealed that the hacking group behind these attacks ran two separate campaigns, in February and October 2020.