Perkiler Malware Used by Purple Fox for Brute Force Attacks

Perkiler is the name assigned to a strain of malware that made headlines by association with the infamous Purple Fox.

Perkiler is dropped by Purple Fox and is used by for brute force attacks on server message blocks (SMB) on systems running outdated versions of Microsoft server products.

Purple Fox, the malware that drops Perkiller, made headlines in recent weeks, by adding worm-like capabilities to its toolkit and resorting to brute force password attacks on SMB of Internet-connected Windows systems. This is not the first time malware attempts to abuse SMB to infiltrate systems. The infamous WannaCry ransomware also included functionality that targeted SMB.

We covered the SMB brute force attacks in another article on Purple Fox and its resurgence, driven by the newly added worm module. However, researchers are still a bit confused why Perkiler and the bad actors behind it decided to do brute force attacks, given the existence of better malicious tools.

Examples include EternalBlue, an exploit developed by the NSA and later leaked to the public by the Shadow Brokers hacker consortium. EternalBlue exploits a vulnerability in Microsoft's SMB protocol, codified as CVE-2017-0144.

Perkiler also has a rootkit component. Its goal is to mask and obscure various malicious components, including Windows registry keys and files.

The rootkit would reboot the compromised system, then execute the malware. Upon running, Perkiler starts probing IPs through port 445. Once a system responds to the probe, it will attempt to brute force the SMB.

Researchers further noted that Perkiler will install an IPv6 interface on the compromised system, so that it can start doing IPv6 port scanning in addition, as this will allow for easier spreading over IPv6 sub-networks which tend to be less protected and poorly monitored.

The suggestions that security researchers provide for avoiding similar brute force attacks include simply getting rid of SMB and if that proves impossible, at the very least running the SMB service behind a multi-factor authenticated VPN.

By Zaib
March 30, 2021
Computer Security
English
March 30, 2021
Computer Security

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

News

Kaiji Malware Brute Forces Easy-to-Guess Username and Password Combinations for Successful Attacks

The so-called Internet of Things (IoT) revolution changed the online ecosystem in many different aspects, and cybersecurity is no exception. Hackers knew that smart gadgets and other IoT devices are little more than... Read more

May 8, 2020
Computer Security

Purple Fox Malware Adds Worm Capabilities in New Campaign

Purple Fox is a strain of malware that has been around for a few years now. However, security researchers have reported a new uptick in activity and infections with Purple Fox, largely driven by a new expansion of the... Read more

March 25, 2021
Computer Security

Purple Fox Malware - How to Stay Safe

Security researchers have warned the public of a new campaign that appears to be underway, spreading the Purple Fox malware. Purple Fox is the name of a complicated set of malicious tools that includes exploit kits,... Read more

March 30, 2021
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.