NewsSecurity Vulnerabilities

Purple Fox Trojan

First observed in September 2018, Purple Fox is a backdoor trojan that has been used to install cryptocurrency minersransomware tools and spyware on affected devices.

360 Security Center named the Trojan as “Purple Fox”. According to the statistics, at least 30,000 users have been attacked seriously.

Purple Fox is delivered through compromised versions of application downloaders, hosted on legitimate software depository websites. When opened, the application will download a Windows Installer (MSI) package containing both 32 and 64-bit Dynamic-link Library (DLL) versions of Purple Fox. The MSI will then install the correct version on the affected device.

Once installed, Purple Fox will attempt to register itself as a boot-start driver in order to maintain persistence. If successful, it will collect system information before connecting to a command and control server and awaiting further instructions.

Further technical details – https://blog.360totalsecurity.com/en/purple-fox-trojan-burst-out-globally-and-infected-more-than-30000-users/

Indicators Of Compromise

hxxp://216.250.99.5



Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.