The operators of the Purple Fox botnet have changed the malware's distribution method and begun compromising Windows machines by brute-forcing Server Message Block (SMB) passwords, researchers at Guardicore report.
"Guardicore has new research out on #PurpleFox" https://t.co/aCiwsiE57h – Guardicore (@Guardicore), March 23, 2021
The campaign has been running since 2018 and initially relied on exploit kits and phishing emails. The botnet gained worm-like self-propagation capabilities only at the end of 2020.
Purple Fox scans for exposed ports and unsecured SMB services and brute-forces weak passwords and password hashes. Once it has gained a foothold on a victim's computer, the operators add the machine to a botnet whose main task is covert cryptocurrency mining.
A rootkit component makes the malware harder to detect and remove.
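The SMB brute-forcing described above leaves a recognisable trail on the target: bursts of failed network logons from a single source. The following added example (not from Guardicore's report; the record fields, addresses and thresholds are constructed for illustration) flags a source that produces many failed network logons within a short window, the pattern a defender would hunt for in Windows Security event 4625 data:

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records modelled on Windows Security event 4625 (an
# account failed to log on). Logon type 3 is a network logon, which is what
# SMB authentication attempts produce; the field names are this example's own.
def _ev(ts, event_id, logon_type, src_ip, user):
    return {"time": ts, "event_id": event_id, "logon_type": logon_type,
            "src_ip": src_ip, "user": user}

SAMPLE_EVENTS = (
    # one source cycling through account names: 12 failures in 33 seconds
    [_ev(f"2021-03-23T10:00:{3*i:02d}", 4625, 3, "192.0.2.10", u)
     for i, u in enumerate(["administrator", "admin", "guest", "backup",
                            "test", "user", "sql", "scan", "db", "ftp",
                            "web", "it"])]
    # an interactive (type 2) failure from the same host: not an SMB attempt
    + [_ev("2021-03-23T10:00:20", 4625, 2, "192.0.2.10", "alice")]
    # a user mistyping a password twice: stays below the threshold
    + [_ev("2021-03-23T10:01:00", 4625, 3, "198.51.100.7", "bob"),
       _ev("2021-03-23T10:01:05", 4625, 3, "198.51.100.7", "bob")]
    # a successful network logon (4624) is not a failure and is ignored
    + [_ev("2021-03-23T10:01:10", 4624, 3, "198.51.100.7", "bob")]
)

def detect_smb_bruteforce(events, threshold=10, window_s=60):
    """Return {src_ip: time_of_first_alert} for every source that produces at
    least `threshold` failed network logons within any `window_s`-second window."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # src_ip -> timestamps of recent failures
    alerts = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["event_id"] != 4625 or ev["logon_type"] != 3:
            continue                      # only failed network logons count
        ts = datetime.fromisoformat(ev["time"])
        q = recent[ev["src_ip"]]
        q.append(ts)
        while ts - q[0] > window:         # drop failures outside the window
            q.popleft()
        if len(q) >= threshold and ev["src_ip"] not in alerts:
            alerts[ev["src_ip"]] = ev["time"]
    return alerts

if __name__ == "__main__":
    for ip, when in detect_smb_bruteforce(SAMPLE_EVENTS).items():
        print(f"possible SMB brute force from {ip}, threshold reached at {when}")
```

In production the same logic would run over events exported from the Security log (or a SIEM), and the threshold should be tuned so that ordinary mistyped passwords, like the two from 198.51.100.7 here, do not alert.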
Guardicore Labs has identified a large network of compromised Microsoft IIS 7.5 servers that host the Purple Fox dropper and its payloads.
Guardicore researcher Amit Serper has published detailed information on the Purple Fox attacks, along with indicators of compromise that let victims identify signs of the worm's presence.
Earlier in March, Kaspersky Lab experts detected a new malicious program that hijacks the computing power of Windows systems to mine the Monero cryptocurrency.