Over the past week, Microsoft Windows has been in the news for its updates, which patched the Blue Screen of Death (BSOD) that occurred while printing and patched the exploit CVE-2017-11882. Now there is news of malware spreading its attack: Purple Fox. Purple Fox is malware that has been present since 2018, and an ongoing, week-long distribution campaign is getting more and more aggressive. Purple Fox usually relies on exploit kits and phishing emails. Researchers predicted that this malware can be highly infectious, and more victims have fallen to its spread.
Guardicore Labs released information on its blog on Tuesday, stating that this malware was being spread through indiscriminate port scanning and exploitation of exposed SMB services with passwords and hashes. The spread was highly active back in May 2020 but was quiet from November to January. The overall number of infections has increased by roughly 600%, with 90,000 total attacks.
The Purple Fox malware targets Microsoft Windows machines. Guardicore Labs researchers state that the malware works once code executes on a targeted machine; persistence is managed through the creation of a new service that twists the commands and pulls Purple Fox payloads from malicious URLs. Guardicore Labs said a “hodge-podge of vulnerable and exploited servers” is hosting the initial malware payload. The infection chains start through internet-facing services that have vulnerabilities, like SMB, or through phishing, brute-force attacks, or rootkits and RIG. For now, almost 2,000 servers have been hijacked by Purple Fox.
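An added detection example, not taken from Guardicore Labs or this article: it correlates a burst of failed network logons (Windows event 4625, logon type 3) with a later service installation (event 7045) whose command line contains a URL, the two behaviours described above. The event records, field names, host names, URLs and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)
FAIL_THRESHOLD = 5               # assumed tuning value: failures per source
WINDOW = timedelta(minutes=10)   # assumed tuning value: look-back before install

# Constructed sample records, shaped like Windows events exported to JSON.
# 4625 = failed logon (logon_type 3 = network, e.g. SMB); 7045 = service installed.
EVENTS = [
    *[{"id": 4625, "host": "srv01", "time": f"2021-03-23T10:00:{s:02d}",
       "logon_type": 3, "src": "203.0.113.7"} for s in range(0, 40, 5)],
    {"id": 7045, "host": "srv01", "time": "2021-03-23T10:02:10",
     "service": "ExampleSvc",
     "image_path": "example-fetch.exe http://payload.example/stage1"},
    {"id": 7045, "host": "srv02", "time": "2021-03-23T11:00:00",
     "service": "BackupAgent", "image_path": r"C:\Program Files\Backup\agent.exe"},
]

def detect(events):
    """Alert on installed services whose command line embeds a URL; raise the
    severity when a burst of failed network logons hit the same host first."""
    fails = defaultdict(list)    # host -> [(time, source address)]
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        t = datetime.fromisoformat(ev["time"])
        if ev["id"] == 4625 and ev.get("logon_type") == 3:
            fails[ev["host"]].append((t, ev["src"]))
        elif ev["id"] == 7045:
            urls = URL_RE.findall(ev.get("image_path", ""))
            if not urls:
                continue         # ordinary service pointing at a local binary
            per_src = defaultdict(int)
            for ft, src in fails[ev["host"]]:
                if timedelta(0) <= t - ft <= WINDOW:
                    per_src[src] += 1
            sources = sorted(s for s, n in per_src.items() if n >= FAIL_THRESHOLD)
            alerts.append({"host": ev["host"], "service": ev["service"],
                           "urls": urls, "bruteforce_sources": sources,
                           "severity": "high" if sources else "medium"})
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

A service install with a URL but no preceding logon failures is still reported, at medium severity, because the article lists phishing and exploit kits as other entry points.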