Purple Fox rootkit discovered in malicious Telegram installers

Researchers have warned that the Purple Fox rootkit is now being distributed through malicious, fake Telegram installers online.

This week, the Minerva Labs cybersecurity team, working with MalwareHunterTeam, said that Purple Fox is being disguised as a file named “Telegram Desktop.exe.” Those who believe they are installing the popular messaging service are instead being infected with the malware, and the infection process has made it more difficult to detect.

First discovered in 2018, Purple Fox has been spread through a variety of means, including phishing emails, malicious links, and exploit kits. However, in the past few years, distribution methods have expanded to include compromising vulnerable internet-facing services, exposed SMB services, and fake installers.

Source: ZDNet