Purple Fox, a malware previously distributed via exploit kits and phishing emails, has evolved by adding a worm module that allows it to scan for and infect Windows systems reachable over the Internet in ongoing attacks.
Purple Fox, first discovered in 2018, is malware that used to rely on exploit kits and phishing emails to spread. A new effort has been identified over the last several weeks in which a new method of propagation is leading to increased infections.
Guardicore Labs is reporting Purple Fox is now being spread through “indiscriminate port scanning and exploitation of exposed SMB services with weak passwords and hashes.” They have watched activity climb as far back as May 2020, and even with a lull between November 2020 and January 2021, researchers say overall infection numbers have risen by roughly 600% and total attacks currently stand at 90,000.
Image: Guardicore Labs
“That’s great. Now tell me what it means for me?”
Excellent question. In simpler terms, it means that the malware uses what is called “active port scanning” by searching for Internet-connected Windows devices, and once identified the worm module uses a password brute force to infect it. Basically, an attacker sends millions of password or passphrase combinations in hopes of finding the correct one, thus granting access.
What makes this particularly insidious is the fact that a rootkit will be hidden on your device, which makes detection difficult, and once it launches, whatever system it is on becomes a “probe” or “bot”, not only providing access to other computers in your local network but performing the same port scanning and password brute force to other vulnerable systems on the Internet, making your systems unwitting participants.
“What do I do?”
We are glad you asked. Much of this malware proliferation is confusing and can seem scary, but much of it stems from unpatched systems accessing malicious websites and a haphazard password policy. Below are some tips to help prevent your system(s) from falling victim to Purple Fox.
- Secure and restrict privileges to administrator tools.
- Maintaining regular updates and patches.
- Add more advanced layers of security. Anti-malware solutions that include behavior monitoring and help strengthen intrusions and detection capabilities via AI/machine learning solutions.
- Training, training, training. End-users are the most vulnerable point in most organizations, so it is critical to keep them aware of what to look for and help to avoid problems.
As threats become more sophisticated and evolve, it is critical that we all do as well. Wellforce understands this and works diligently to help our customers strengthen their security postures with the latest security tools and awareness training. Whether it is ransomware, spear phishing, or Purple Fox, your business is too important to be left unprotected. Contact us to speak with one of our security experts and get your free cybersecurity assessment.
It’s time to take cybersecurity seriously.