
Purple Fox malware: What it is, how it works and how to prevent it

Introduction

Without question, there has been a marked die-off in the usage of exploit kits (EKs). The Purple Fox exploit kit is a type of malware that is defying this recent trend and has had new life breathed into it. This slightly stale malware formerly relied on a third-party EK to achieve its operators' malicious goals; the new variant recently had new Microsoft exploits added to its arsenal. This is typical behavior: EK operators keep adding fresh exploits to ensure the kit's continued success in the face of weekly patch updates.

This article will explore Purple Fox and detail what it is, how it works and how you can prevent it. It may be true that EKs are falling to the wayside in the face of other malware, but Purple Fox is demonstrating that there is still a place at the table for EKs.

What is Purple Fox?

Originally a fileless downloader malware (Trojan), Purple Fox was delivered by another EK named RIG and infected at least 30,000 systems. In 2019, it shifted to Windows PowerShell to deliver and retrieve malware, and its operators made it the replacement for the RIG EK.

This means the Purple Fox malware family no longer has to use a third-party EK in attack campaigns and proves that EKs are still an aspect of the threat landscape that needs to be taken seriously. It also highlights that malware is essentially treated like a business, with development being moved in-house to save money.

Targeting vulnerabilities is not new functionality for Purple Fox: its original variant was observed targeting CVE-2018-15982, CVE-2014-6332, CVE-2018-8174, CVE-2015-1701 and CVE-2018-8120. The new and improved variant was first observed in September 2019, loaded with two new high-severity, critical Microsoft exploits.

The first of (Read more...)

This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/bWGhUncGxzc/