Purple Fox Malware Now Evolves to Spread Itself Across Windows Machines

04/9/21
Purple Fox has added a new technique to its arsenal that lets it spread itself across Windows machines. Purple Fox is a Windows malware family that previously earned its reputation by infecting systems through phishing emails and exploit kits.

Ongoing Campaign

Purple Fox is now carrying out indiscriminate port scanning and exploiting exposed SMB services that are protected only by weak passwords and hashes. This is its new spreading technique, and it is what is being observed in the ongoing campaign.

Once Purple Fox infects a machine, it blocks several ports, including 445, 139, and 135, to prevent the machine from being re-infected and to keep other threat actors from abusing the system through the same route. In the next stage, it begins spreading by generating IP ranges and scanning them on port 445.
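The post-infection sweep described above (many distinct hosts contacted on port 445 from one source, across generated IP ranges) is visible in outbound firewall or flow logs. The following detector is an added example, not code from the original post or from Guardicore; the log format and the sample hosts it builds are constructed for the demonstration.

```python
# Added example (not from the original post): flag hosts whose outbound
# port-445 traffic looks like a Purple Fox-style SMB sweep.
import ipaddress
import re
from collections import defaultdict

# Constructed log format: "<timestamp> <action> TCP <src>:<sport> -> <dst>:<dport>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\w+) TCP (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def build_sample_log():
    """Constructed sample: 10.0.0.5 sweeps a /24 on 445, 10.0.0.7 is a normal
    SMB client talking to one file server, 10.0.0.9 only talks HTTPS."""
    lines = [f"2021-04-09T10:00:{i:02d} ALLOW TCP 10.0.0.5:{49152 + i} -> 10.0.1.{i + 1}:445"
             for i in range(20)]
    lines += ["2021-04-09T10:01:00 ALLOW TCP 10.0.0.7:50001 -> 10.0.1.50:445"] * 30
    lines += [f"2021-04-09T10:02:00 ALLOW TCP 10.0.0.9:50002 -> 10.0.2.{i}:443"
              for i in range(1, 15)]
    return "\n".join(lines)

def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def contiguous_pairs(addrs):
    """Count adjacent consecutive addresses in the sorted target list; a high
    count is the signature of a scanner walking a generated IP range."""
    ints = sorted(int(ipaddress.ip_address(a)) for a in addrs)
    return sum(1 for a, b in zip(ints, ints[1:]) if b - a == 1)

def find_smb_sweepers(log_text, min_targets=8):
    """Return {src: (distinct_445_targets, consecutive_pairs)} for sources that
    touched at least min_targets distinct hosts on port 445."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["dport"] == "445":
            targets[rec["src"]].add(rec["dst"])
    return {src: (len(d), contiguous_pairs(d))
            for src, d in targets.items() if len(d) >= min_targets}

if __name__ == "__main__":
    for src, (n, runs) in find_smb_sweepers(build_sample_log()).items():
        print(f"{src}: {n} distinct hosts on 445, {runs} consecutive-address pairs")
```

A normal file-server client has few distinct targets and no consecutive-address pairs, so the threshold separates the two even on a busy network.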

Guardicore researchers report that attacks have grown by 600% since May last year, with an estimated 90,000 incidents spotted in total.

Guardicore Labs has also identified a new infection vector: internet-facing Windows machines are breached by brute-forcing SMB (Server Message Block) passwords. The malware also includes a rootkit, which gives the threat actors the ability to hide the malware running on the infected machine.

Guardicore also notes that Purple Fox's post-exploitation behavior has not changed much; what is new is its worm-like behavior, which lets it spread quickly.

Historical Roots

Purple Fox first came to light in March 2018. The malware targets Microsoft Windows machines and repurposes the compromised systems to host malicious payloads.

According to Guardicore Labs, the initial malware payload was hosted on compromised servers. Notably, many of these servers were running older versions of Windows Server with IIS (Internet Information Services) 7.5. To date, the Purple Fox botnet operators have hijacked roughly 2,000 servers.

Conclusion

Last spring and summer, researchers observed significant malicious activity from Purple Fox. Activity dipped somewhat toward the end of the year, but picked up again in early 2021.

This new infection approach is one more sign that criminal operators continually revise how their malware spreads in order to infect as many systems as possible. At the same time, you can contact us now to build sustainable cyber resiliency with our Proactive Security Services.
