Purple Fox Malware - How to Stay Safe

Security researchers have warned the public of a new campaign that appears to be underway, spreading the Purple Fox malware. Purple Fox is the name of a complicated set of malicious tools that includes exploit kits, Trojan capabilities and, most recently, worm-like functionality as well.

Purple Fox was originally spread primarily through exploit kits, back in 2018. The threat actors behind the malware have since been upgrading and further developing Purple Fox, and the most recent addition is worm-like capability. In addition to the exploit-kit attack vector, Purple Fox uses phishing email campaigns containing malicious links.

The new surge in Purple Fox attacks began in early 2021, after a brief pause in activity from the group operating the malware. The jump in infections was driven by the addition of the worm module to the malware.

The worm spreads using a network of compromised systems, most of them running outdated versions of Microsoft Server. In the most current campaign, the final payload is delivered as a fake Windows MSI installer.

The malware's first-stage payload attempts to gain code execution, which it needs in order to set up persistence and fetch the main payload from a remote server. Once the main payload has been deployed, removal becomes even more difficult. The Purple Fox malware is also associated with the Perkiler malware, which uses Purple Fox as a dropper. Perkiler is the component responsible for the brute forcing of Server Message Block (SMB) passwords that we covered in our previous article on Purple Fox.

As with all malicious software, the best defense against infection is prevention. Cleaning malware as complicated and as multi-faceted as Purple Fox from a home computer is a task that is very likely beyond the capabilities of the regular user.

Safety First - How to Stay Ahead of Malware

What a regular user can do, however, is stay protected and avoid infection in the first place.

First and foremost, keep your Windows installation updated at all times. Do not delay updates and do not attempt to turn off the integrated update service, even if it seems inconvenient to follow Microsoft's update schedule and sit through forced system reboots at odd times. A fully updated operating system is the first step towards good home computer protection.

Additionally, home users would do well to always run a fully-featured, up-to-date anti-malware system. Even Windows Defender has pretty decent detection capabilities and will keep you safe from a lot of threats.

Those who want an extra layer of protection should install a separate anti-malware suite as well. Keep your anti-malware tool updated at all times, just like your OS, to significantly reduce the risk of infection by any type of malware, from minor annoyances like PUPs to even some ransomware strains.
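As an added example (not part of the original article or any Purple Fox tooling), the following PowerShell script audits the controls recommended above on a home Windows machine: pending Windows updates, Windows Defender real-time protection and signature age, and, tied to the SMB password brute forcing attributed to Perkiler, a count of recent failed network logons. The thresholds in the verdict section are this example's assumptions; run it from an elevated PowerShell prompt.

```powershell
# Added example, not code from the article: audit the patch/anti-malware hygiene
# the article recommends, plus a defender-side check for SMB password brute forcing.
$report = [ordered]@{}

# 1. Pending Windows updates, via the Windows Update Agent COM API
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$pending  = $searcher.Search("IsInstalled=0 and IsHidden=0").Updates
$report['PendingUpdates'] = $pending.Count
$report['RebootPending']  = Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'

# 2. Windows Defender state (the "fully-featured, up-to-date anti-malware" check)
$mp = Get-MpComputerStatus
$report['RealTimeProtection'] = $mp.RealTimeProtectionEnabled
$report['SignatureAgeDays']   = $mp.AntivirusSignatureAge

# 3. Failed network logons (Security event 4625, logon type 3) in the last 24 hours,
#    grouped by source address. A burst of failures from one address is what
#    SMB password brute forcing, as described for Perkiler, looks like on the victim.
$since  = (Get-Date).AddHours(-24)
$failed = Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4625; StartTime=$since} -ErrorAction SilentlyContinue |
    ForEach-Object {
        $x = [xml]$_.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        if ($d['LogonType'] -eq '3') { $d['IpAddress'] }   # emit only network logons
    } | Group-Object | Sort-Object Count -Descending
$report['NetworkLogonFailures24h'] = ($failed | Measure-Object -Property Count -Sum).Sum
$report['TopFailureSources'] = ($failed | Select-Object -First 3 |
    ForEach-Object { "$($_.Name):$($_.Count)" }) -join ', '

# 4. Verdict. Thresholds (3 days, 50 failures) are this example's assumptions.
$findings = @()
if ($report['PendingUpdates'] -gt 0 -or $report['RebootPending']) { $findings += 'Windows is not fully patched' }
if (-not $report['RealTimeProtection'])        { $findings += 'Defender real-time protection is off' }
if ($report['SignatureAgeDays'] -gt 3)          { $findings += 'Defender signatures are stale' }
if ($report['NetworkLogonFailures24h'] -gt 50)  { $findings += 'Possible SMB password brute forcing' }

[pscustomobject]$report | Format-List
if ($findings) { $findings | ForEach-Object { Write-Warning $_ } } else { Write-Host 'No findings.' }
```

Reading the Security log and Defender status requires administrator rights; without them the failed-logon count is simply empty rather than an error.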


March 30, 2021