New Delhi: Cyber-security specialists have cautioned that fake Telegram Messenger apps are currently attacking devices, including PCs, with Windows-based malware that can put your information at risk since it evades installed anti-virus systems.
Fake Telegram messaging app installers are being used to deliver the Windows-based ‘Purple Fox’ backdoor on hacked devices, according to research by Minerva Labs, which was created in 2014 by former Israeli Defense Forces officers who served in elite cyber forces.
“We found a large number of malicious installers delivering the same ‘Purple Fox’ rootkit version using the same attack chain. It seems like some were delivered via email, while others, we assume, were downloaded from phishing websites,” said researcher Natalie Zargarov.
“The beauty of this attack is that every stage is separated into a different file, which is useless without the entire file set. This helps the attacker protect his files from AV (anti-virus) detection,” the researcher informed.
During the investigation, they found that the threat actor was able to leave most parts of the attack under the radar by separating the attack into several small files, most of which had very low detection rates by (antivirus) engines, “with the final stage leading to Purple Fox rootkit infection.”
According to reports, “Purple Fox,” which was first identified in 2018, has rootkit characteristics that allow the malware to be planted beyond the reach of anti-virus programmes.
Trend Micro researchers discovered a Dot NET implant called FoxSocket that was used in combination with Purple Fox in October 2021.
The researchers noted that “the rootkit capabilities of Purple Fox make it more capable of carrying out its objectives in a stealthier manner.”
“They allow Purple Fox to persist on affected systems as well as deliver further payloads to affected systems.”
Zargarov stated that they have frequently noticed threat actors dumping infected files using legal applications.
“This time, however, is different. The researcher noted that this threat actor was able to leave most parts of the attack under the radar by separating the attack into several small files, most of which had very low detection rates by AV engines, with the final stage leading to Purple Fox rootkit infection,” the researcher noted.
This content was originally published here.