Purple Fox originated in 2018 as a fileless downloader trojan delivered by an exploit kit that infected over 30,000 devices.
Historically, it required some sort of user interaction or third-party tools to infect devices and was mainly spread through phishing or exploit kits. However, this malware has recently resurrected and metamorphosed into a Windows worm.
So, what type of Windows devices does Purple Fox target? How can we protect ourselves?
The Re-Invented Purple Fox
The developers of Purple Fox have re-configured this malware by adding a worm module. The attack is initiated with a phishing email that delivers the worm payload that automatically scans for and infects Windows-based systems.
This new vector scans for exposed ports and then uses a brute-force attack against them to gain access. Once a vulnerable port is found, Purple Fox breaks in and propagates the infection.
Guardicore Labs, a leading cybersecurity research organization, has confirmed that a new worm variant of Purple Fox has indeed been found.
How Does Purple Fox Infect Devices?
Leading industry experts believe that the Purple Fox malware has added a new propagation technique that resorts to SMB brute-force attacks to infect machines. This new variant of Purple Fox works by scanning for exposed ports on internet-facing Windows computers and then trying passwords that aren't strong enough.
By guessing weak passwords for Windows user accounts over SMB (the protocol that allows Windows to communicate with other devices such as file servers and printers), the malware forces its way into a vulnerable device.
Once the Purple Fox has accessed a target, it stealthily installs a rootkit that keeps the malware hidden inside the device, making it hard to detect. It then generates a list of IP addresses and scans the internet for at-risk devices to infect further, thus creating an ever-growing network of vulnerable devices.
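As an added illustration (not from the original article) of how a defender spots this propagation technique on the receiving end: the script below scans Windows Security Event ID 4625 (failed logon) records for a burst of network logons (Logon Type 3) from a single source, which is the footprint SMB password guessing leaves on the targeted host. The event records, IP addresses, account names and thresholds are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Event ID 4625 is a failed logon; Logon Type 3 is a network logon, which is
# what an SMB authentication attempt produces on the targeted host.
FAILED_LOGON = 4625
NETWORK_LOGON = 3
WINDOW = timedelta(minutes=5)   # span a burst may cover
THRESHOLD = 10                  # failures from one source inside WINDOW before alerting

def constructed_events():
    """Constructed sample events (not real telemetry) modelled on 4625 fields."""
    t0 = datetime(2021, 3, 24, 2, 0, 0)
    events = []
    # 12 failures in two minutes from one source, cycling through common account names
    for i, user in enumerate(["administrator", "admin", "backup", "svc_sql"] * 3):
        events.append({"event_id": FAILED_LOGON, "logon_type": NETWORK_LOGON,
                       "src_ip": "203.0.113.7", "user": user,
                       "time": t0 + timedelta(seconds=10 * i)})
    # two failures from another host: an ordinary mistyped password, not a worm
    for i in range(2):
        events.append({"event_id": FAILED_LOGON, "logon_type": NETWORK_LOGON,
                       "src_ip": "192.0.2.5", "user": "jsmith",
                       "time": t0 + timedelta(minutes=1, seconds=30 * i)})
    # an interactive (console) failure is not SMB traffic and must be ignored
    events.append({"event_id": FAILED_LOGON, "logon_type": 2, "src_ip": "-",
                   "user": "jsmith", "time": t0})
    return events

def detect_smb_bruteforce(events, window=WINDOW, threshold=THRESHOLD):
    """Return {src_ip: summary} for every source with at least `threshold`
    network logon failures inside some sliding window of length `window`."""
    by_src = defaultdict(list)
    for e in events:
        if e["event_id"] == FAILED_LOGON and e["logon_type"] == NETWORK_LOGON:
            by_src[e["src_ip"]].append(e)
    alerts = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["time"])
        start = 0
        for end, e in enumerate(evs):
            # advance the left edge until the window spans at most `window`
            while e["time"] - evs[start]["time"] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts[src] = {"failures": len(evs),
                               "accounts": sorted({x["user"] for x in evs})}
                break
    return alerts
```

Running `detect_smb_bruteforce(constructed_events())` flags only the source that tried a dozen account names in two minutes; the single user who mistyped a password twice stays below the threshold.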
What Type of Windows-Based Devices Are at Risk?
The distinguishing feature of the new Purple Fox malware is that it targets machines running the Microsoft Windows operating system and repurposes compromised devices to host the malware.
Currently, Purple Fox malware is being used to distribute information stealers, crypto miners, ransomware, and Trojans.
According to Guardicore Labs, the majority of affected devices are running older versions of Windows Server with Internet Information Services (IIS) version 7.5 and Microsoft FTP, as well as servers running Microsoft RPC, Microsoft SQL Server 2008 R2, Microsoft HTTP API httpd 2.0, and Microsoft Terminal Service.
How To Protect Yourself From a Purple Fox Attack
Here are a few best practices that can help you steer clear of Purple Fox.
Observe the Indicators of Compromise (IoC)
Investing in data forensics and looking into the public indicators of compromise can be the first step in mitigating the Purple Fox attack.
Most security tools already have IoCs built into their platforms and by keeping up with the recent IoCs, you can easily uncover data breaches and malware infections.
Guardicore Labs has also issued a public list of IoCs for the Purple Fox threat and has been urging security professionals and malware hunters to consult it frequently.
Patch the Worm
Purple Fox has a unique attribute: it also exploits older vulnerabilities for which patches have long been available. Therefore, it is imperative to threat-hunt your environment to weed out prior infections.
Once infections are discovered, remove them and keep the affected systems patched and updated; this is the key to preventing this type of malware.
You should also look into virtual patching for legacy or embedded systems or software.
Conduct a Security and IT Audit
Conducting security audits is an easy way to identify weaknesses and fix potential loopholes in security systems.
If you work for a big company, getting all devices inspected by the IT department is recommended as Purple Fox mainly targets vulnerable devices.
Employ Principle of Least Privilege (POLP)
To protect corporate networks, the principle of least privilege should be implemented by restricting permission controls. It is best practice to limit the usage of tools that should be reserved for IT and System Administrators.
The more restrictive the security policies, the lesser the chances of invasion.
Deploy Behavior Monitoring
Behavioral monitoring is a great way to pinpoint unusual activities and proactively manage them.
Behavioral monitoring tools, such as those offered by Redscan, can analyze data from a variety of sources and employ machine learning to identify attack patterns.
Invest in a Sandbox
Sandboxes are a great option for preventing malware like Purple Fox. A sandbox can quarantine suspicious files and help analyze them further.
There are some great sandbox options to investigate suspicious websites including PhishCheck and VirusTotal. You could also try Urlscan, a free scanner that employs an automated process to browse URLs and then record the activity.
Firewalls and Intrusion Prevention Systems
A combination of firewalls and intrusion detection and prevention systems (IPS) like the McAfee Network Security Platform should be employed to analyze and monitor inbound and outbound traffic on your home or work network.
Implement Cybersecurity Awareness Training
In order to mitigate a security threat, you need to be able to detect it first. Implementing cybersecurity awareness training for both your home and work lives should be a priority.
Employers should cultivate cybersecurity awareness across the board: less security-savvy employees can pose the biggest risk by becoming easy targets for phishing attacks and downloading malware.
Outfox the Purple Fox
Purple Fox attacks are now gaining momentum and the total number of infected devices stands at a staggering 90,000. Its newest infection vector hunts down Windows machines that are actively connected to the internet and have exposed vulnerabilities.
Beating the cunning Purple Fox, or any type of cyberattack, is no easy feat, but don't get discouraged. With a bit of practice, a fair degree of caution, and a whole load of tips and tricks for combating hackers, you can certainly outfox the Purple Fox!