23 matches found
MAL-2025-67437 Malicious code in contemporary-purple-fox (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d42b6c00a6f2fa1c759808554b6744a14352c6e0eb128355bfe7af0fcf8a30b8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-55212
Malicious code in contemporary-purple-fox npm...
DirtyMoe Malware Infects 2,000+ Ukrainian Computers for DDoS and Cryptojacking
The Computer Emergency Response Team of Ukraine CERT-UA has warned that more than 2,000 computers in the country have been infected by a strain of malware called DirtyMoe. The agency attributed the campaign to a threat actor it calls UAC-0027. DirtyMoe, active since at least 2016, is capable of...
Hackers Target Apache Tomcat Servers for Mirai Botnet and Crypto Mining
Misconfigured and poorly secured Apache Tomcat servers are being targeted as part of a new campaign designed to deliver the Mirai botnet malware and cryptocurrency miners. The findings come courtesy of Aqua, which detected more than 800 attacks against its Tomcat server honeypots over a two-year...
Hackers Using Google Ads to Spread FatalRAT Malware Disguised as Popular Apps
Chinese-speaking individuals in Southeast and East Asia are the targets of a new rogue Google Ads campaign that delivers remote access trojans such as FatalRAT to compromised machines. The attacks involve purchasing ad slots to appear in Google search results and direct users looking for popular...
Purple Fox Rootkit Now Propagates as a Worm
Purple Fox is an active malware campaign targeting Windows machines. Up until recently, Purple Foxâs operators infected machines by using exploit kits and phishing emails...
'Purple Fox' Hackers Spotted Using New Variant of FatalRAT in Recent Malware Attacks
The operators of the Purple Fox malware have retooled their malware arsenal with a new variant of a remote access trojan called FatalRAT, while also simultaneously upgrading their evasion mechanisms to bypass security software. "Users' machines are targeted via trojanized software packages...
Purple Fox Uses New Arrival Vector and Improves Malware Arsenal
Purple Fox is an old threat that has been making waves since 2018. This most recent investigation covers Purple Foxâs new arrival vector and early access loaders. Usersâ machines seem to be targeted with malicious payloads masquerading as legitimate application installers...
A week in security (January 3 â 9)
Last week on Malwarebytes Labs: Ransomware attacks Finalsite, renders 8,000 school sites unreachable for days Patchwork APT caught in its own web Sophisticated phishing scheme spent years robbing authors of their unpublished work Google and Facebook fined $240 million for making cookies hard to...
Purple Fox Rootkit Dropped by Malicious Telegram Installers
A malicious Telegram instant-messaging app installer scurries past a slew of antivirus AV engines to deliver Purple Fox malware, evading detection by separating the attack into bite-sized morsels that fly under the radar. In a Monday report, Minerva Labs said that the attack evades detection by A...
Purple Fox rootkit now bundled with Telegram installer
The Purple Fox rootkit is being spread as an installer for the popular Telegram instant messaging app for Windows, according to researchers. Its not clear how the installer in this case was distributed, although it seems like at least some were delivered via email. Common distribution methods for...
Beware of Fake Telegram Messenger App Hacking PCs with Purple Fox Malware
Trojanized installers of the Telegram messaging application are being used to distribute the Windows-based Purple Fox backdoor on compromised systems. That's according to new research published by Minerva Labs, describing the attack as different from intrusions that typically take advantage of...
This Week in Security News - December 17, 2021
This week, read on Purple Foxâs infection chain observed by Trend Microâs Managed XDR. Also, learn about the Log4j vulnerability that has the potential to cause âincalculableâ damage...
A Look Into Purple Foxâs Server Infrastructure
By examining Purple Foxâs routines and activities, both with our initial research and the subject matter we cover in this blog post, we hope to help incident responders, security operation centers SOCs, and security researchers find and weed out Purple Fox infections in their network...
Perkiler malware turns to SMB brute force to spread
Researchers at Guardicore have identified a new infection vector being used by the Perkiler malware where internet-facing Windows machines are breached through SMB password brute force. Perkiler is a complex Windows malware with rootkit components that is dropped by the Purple Fox exploit kit EK...
Watch out as Purple Fox malware with worm module hits Windows
By Waqas According to researchers, Purple Fox malware attacks intensified significantly, and it has launched a total of 90,000 attacks since May 2020. This is a post from HackRead.com Read the original post: Watch out as Purple Fox malware with worm module hits Windows...
Purple Fox Malware Targets Windows Machines With New Worm Capabilities
A malware that has historically targeted exposed Windows machines through phishing and exploit kits has been retooled to add new âwormâ capabilities. Purple Fox, which first appeared in 2018, is an active malware campaign that until recently required user interaction or some kind of third-party...
Purple Fox Rootkit Can Now Spread Itself to Other Windows Computers
Purple Fox, a Windows malware previously known for infecting machines by using exploit kits and phishing emails, has now added a new technique to its arsenal that gives it worm-like propagation capabilities. The ongoing campaign makes use of a "novel spreading technique via indiscriminate port...
Purple Fox Rootkit Can Now Spread Itself to Other Windows Computers
Purple Fox , a Windows malware previously known for infecting machines by using exploit kits and phishing emails, has now added a new technique to its arsenal that gives it worm-like propagation capabilities. The ongoing campaign makes use of a "novel spreading technique via indiscriminate port...
CVE-2021-26411
Internet Explorer Memory Corruption Vulnerability Recent assessments: ccondon-r7 at April 05, 2021 1:20pm UTC reported: There is now public threat intelligence that the Purple Fox exploit kit has incorporated this vulnerability and is exploiting it. gwillcox-r7 at March 11, 2021 5:57pm UTC...