PurpleFox malware infects thousands of computers in Ukraine

The Computer Emergency Response Team in Ukraine is warning about a PurpleFox malware campaign that has infected at least 2,000 computers in the country.
The exact impact of this widespread infection and whether it has affected state organizations or regular people's computers hasn't been determined, but the agency has shared detailed information on how to locate infections and remove the malware.
PurpleFox is a modular Windows botnet malware first spotted in 2018 that comes with a rootkit module allowing it to hide and persist between device reboots.
It can be used as a downloader that introduces more potent second-stage payloads on compromised systems, offers its operators backdoor capabilities, and can also act as a distributed denial of service bot.
In October 2021, researchers noticed that new versions of PurpleFox switched to using WebSocket for command and control communications for stealth.
In January 2022, a campaign spread the malware under the guise of a Telegram desktop app.
CERT-UA used IoCs shared by Avast and TrendMicro to identify PurpleFox malware infections on Ukrainian computers, tracking the activity under the identifier 'UAC-0027.'.
CERT-UA says PurpleFox typically infects systems when victims launch laced MSI installers and highlights its self-propagation capabilities using exploits for known flaws and password brute-forcing.
The agency recommends isolating systems that run outdated OS versions and software using VLAN or physical network segmentation with incoming/outgoing filtering to prevent spreading.
CERT-UA monitored infected hosts between January 20 and 31, 2024, detecting 486 intermediate control server IP addresses, most of which are located in China.
CERT-UA notes that PurpleFox's removal is challenging due to its use of a rootkit, but there are still effective methods that can help detect and uproot the malware.
Verify the persistent execution of the malware, which uses services and stores files in specific directories, impeded by a rootkit from detection/removal.
Boot from LiveUSB or connect the infected drive to another computer.
Boot normally and remove the service from the registry.
To avoid re-infection from PurpleFox, which is very likely if there are still infected machines on the same network, enable the firewall on Windows and create a rule to block incoming traffic from ports 135, 137, 139, and 445.
Bigpanzi botnet infects 170,000 Android TV boxes with malware.
FBI: Androxgh0st malware botnet steals AWS, Microsoft credentials.
QNAP VioStor NVR vulnerability actively exploited by malware botnet.
Stealthier version of P2Pinfect malware targets MIPS devices.
Hackers push USB malware payloads via news, media hosting sites.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 01 Feb 2024 19:10:09 +0000


Cyber News related to PurpleFox malware infects thousands of computers in Ukraine

PurpleFox malware infects thousands of computers in Ukraine - The Computer Emergency Response Team in Ukraine is warning about a PurpleFox malware campaign that has infected at least 2,000 computers in the country. The exact impact of this widespread infection and whether it has affected state organizations or ...
10 months ago Bleepingcomputer.com
PurpleFox malware infected thousands of systems in Ukraine - The Computer Emergency Response Team in Ukraine is warning about a PurpleFox malware campaign that has infected at least 2,000 computers in the country. The exact impact of this widespread infection and whether it has affected state organizations or ...
10 months ago Bleepingcomputer.com
Threat landscape for industrial automation systems, Q1 2024 - In the first quarter of 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 0.3 pp from the previous quarter to 24.4%. Compared to the first quarter of 2023, the percentage decreased by 1.3 pp. Percentage of ICS ...
6 months ago Securelist.com
Exclusive: Ukraine says joint mission with US derailed Moscow's cyberattacks - On a Wednesday afternoon in late September, the head of the cyber division of Ukraine's intelligence service, Illia Vitiuk, sat down to discuss something that Ukraine had previously kept close to the vest - specifically how much a joint hunt forward ...
1 year ago Therecord.media
Threat landscape for industrial automation systems. H2 2023 - In the second half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased by 2.1 pp to 31.9%. Percentage of ICS computers on which malicious objects were blocked, by half year. In H2 2023, building automation once ...
9 months ago Securelist.com
Russia Set to Ramp Up Attacks on Ukraine's Allies This Winter - Russia is set to ramp up cyber campaigns targeting Ukraine's allies as kinetic warfare slows this winter, according to a report by Cyjax. Researchers noted that Russia's missile production is struggling to keep pace with its tactical, operational and ...
1 year ago Infosecurity-magazine.com
Variants of RussianSupported Gamaredons Malware Aimed at Ukrainian Government Agencies - The State Cyber Protection Centre of Ukraine has identified the Russian state-sponsored threat actor known as Gamaredon for its cyber attacks on public authorities and critical information infrastructure in the country. This advanced persistent ...
1 year ago Thehackernews.com
Types of Malware and How To Prevent Them - Malware is one of the biggest security threats to any type of technological device, and each type of malware uses unique tactics for successful invasions. Even if you've downloaded a VPN for internet browsing, our in-depth guide discusses the 14 ...
5 months ago Pandasecurity.com
Zeus, IcedID malware gangs leader pleads guilty, faces 40 years in prison - Ukrainian national Vyacheslav Igorevich Penchukov, one of the heads of the notorious JabberZeus cybercrime gang, has pleaded guilty to charges related to his leadership roles in the Zeus and IcedID malware groups. Penchukov was arrested in ...
10 months ago Bleepingcomputer.com
Ukraine says Russia hacked web cameras to spy on targets in Kyiv - Ukraine's security officers said they took down two online surveillance cameras that were allegedly hacked by Russia to spy on air defense forces and critical infrastructure in Ukraine's capital, Kyiv. The cameras were installed on residential ...
11 months ago Therecord.media
PixPirate: The Brazilian financial malware you can't see, part one - The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan malware that heavily utilizes anti-research techniques. Within IBM Trusteer, we saw several different ...
10 months ago Securityintelligence.com
How to Remove Malware + Viruses - Malware removal can seem daunting after your device is infected with a virus, but with a careful and rapid response, removing a virus or malware program can be easier than you think. We created a guide that explains exactly how to rid your Mac or PC ...
8 months ago Pandasecurity.com
February 2024's Most Wanted Malware: WordPress Websites Targeted by Fresh FakeUpdates Campaign - Our latest Global Threat Index for February 2024 saw researchers uncover a fresh FakeUpdates campaign compromising WordPress websites. These sites were infected using hacked wp-admin administrator accounts, with the malware adapting its tactics to ...
9 months ago Blog.checkpoint.com
New Report Uncovers NikoWiper Malware Used to Attack Ukraine Energy Sector - The Russia-affiliated Sandworm used yet another wiper malware strain dubbed NikoWiper as part of an attack that took place in October 2022 targeting an energy sector company in Ukraine. The NikoWiper is based on SDelete, a command line utility from ...
1 year ago Thehackernews.com
How to Extract Malware Configurations in a Sandbox - The most sought-after source of these indicators is malware configurations. Malware Sandboxing Leader ANY.RUN handles the heavy lifting of phishing and malware analysis for SOC and DFIR teams and also helps 300,000 professionals use the platform to ...
10 months ago Gbhackers.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
7 months ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
7 months ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
7 months ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
7 months ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
7 months ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
7 months ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
7 months ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
7 months ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
7 months ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
7 months ago Cybersecurity-insiders.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)