Telegram users, this can lead to hacking of your phone, PC

Cybersecurity researchers warn that fake messenger apps are currently being used to hack devices, including PCs, with Windows-based malware that could put your information at risk as it evades installed anti-virus systems.

According to a report by Minerva Labs, founded in 2014 by former Israeli Defense Forces officers who served in elite cyber forces, fake installers of the Telegram messaging application were used to distribute Windows-based ‘Purple Fox’ backdoors on compromised systems.

“We found a large number of malicious installers distributing the same ‘Purple Fox’ rootkit version using the same attack chain. Some appear to have been distributed via email, while others we believe are from phishing websites,” said researcher Natalie Zargarov.

“The beauty of this attack is that each step is split into a separate file which is useless without the entire file set. This helps the attacker to protect his files from AV (anti-virus) detection,” the researcher said.

During the investigation, they found that the threat actor was able to keep most parts of the attack under the radar by separating it into several smaller files, most of which had a very low detection rate by the (antivirus) engine, “with the final step leading to Purple Fox rootkit infection”.

First discovered in 2018, ‘Purple Fox’ rootkit comes with capabilities that allow malware to be installed beyond the reach of anti-virus solutions, reports thehackernews.com.

In October 2021, Trend Micro researchers revealed a .NET implant called FoxSocket deployed in conjunction with Purple Fox.

“Purple Fox’s rootkit capabilities enable it to accomplish its objectives stealthily,” the researchers said.

“They allow Purple Fox to remain on the affected systems as well as deliver further payloads to the affected systems.”

Zargarov said he has often seen threat actors using legitimate software to drop malicious files.

“However, this time is different. This threat actor was able to leave most parts of the attack under the radar by separating the attack into several smaller files, most of which had a very low detection rate by the AV engine, with the final stages leading to Purple Fox rootkit infection,” the researcher noted.
