Malicious Telegram Instal Uses Purple Fox Malware

After cyber-security researchers raised the alarm about bogus Telegram Messenger applications being used to infiltrate devices, the Purple Fox Malware attack is once again making headlines across the world. Someone is spreading two files in a single download, according to cybersecurity specialists Minerva Labs: one is a legal Telegram installer, while the other is an AutoIT software, which is a PurpleFox virus downloader. The Purple Fox Malware was created in 2014 by former Israeli Defense Teams officers who served in elite cyber forces.

“We discovered a huge number of malware installers that used the same attack chain to deploy the same ‘Purple Fox’ rootkit version. Some appear to have been sent by email, while others were obtained via phishing websites”, according to researcher Natalie Zargarov. “The beauty of this approach is that each stage is isolated to a different file which is useless without the entire file set. This aids the attacker in shielding his files from AV (anti-virus) detection”, according to the researcher.

In the course of the study, it was discovered that the threat actor was able to hide much of the assault by dividing it into multiple little files, the majority of which had very poor detection rates by (antivirus) engines, “with the last step leading to Purple Fox rootkit infection.”

The threat actors have discovered that the assaults almost always use genuine software to deliver harmful payloads. CVE-2021-1732 is the name of the vulnerability, and it typically improves rootkit capabilities used in attacks.