
Purple Fox Trojan

First observed in September 2018, Purple Fox is a backdoor trojan that has been used to install cryptocurrency miners, ransomware tools and spyware on affected devices.

360 Security Center named the trojan “Purple Fox”. According to the statistics, at least 30,000 users have been seriously attacked.

Purple Fox is delivered through compromised versions of application downloaders, hosted on legitimate software depository websites. When opened, the application will download a Windows Installer (MSI) package containing both 32-bit and 64-bit Dynamic-link Library (DLL) versions of Purple Fox. The MSI will then install the correct version on the affected device.

Once installed, Purple Fox will attempt to register itself as a boot-start driver in order to maintain persistence. If successful, it will collect system information before connecting to a command and control server and awaiting further instructions.
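
One way to review the boot-start persistence point described above, as an added example that is not from the original article or from the 360 analysis. It lists every driver registered as boot-start and reports those whose image file is missing or does not carry a valid signature; it assumes the standard Windows service registry layout (Start = 0 means boot-start), and the helper name Resolve-DriverPath is hypothetical.

```powershell
# Added example: review boot-start drivers on a Windows host.
# Run from a 64-bit PowerShell session so System32 paths are not redirected.
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Resolve-DriverPath {
    # Hypothetical helper: turn a service ImagePath value into a file system path.
    param([string]$ImagePath, [string]$ServiceName)

    # With no ImagePath, Windows defaults to System32\drivers\<name>.sys
    if ([string]::IsNullOrWhiteSpace($ImagePath)) {
        return Join-Path $env:SystemRoot "System32\drivers\$ServiceName.sys"
    }
    $p = $ImagePath.Trim('"')
    if ($p.StartsWith('\??\')) {
        # NT object-manager prefix: \??\C:\... -> C:\...
        $p = $p.Substring(4)
    }
    elseif ($p.StartsWith('\SystemRoot\', [StringComparison]::OrdinalIgnoreCase)) {
        # \SystemRoot\System32\... -> C:\Windows\System32\...
        $p = Join-Path $env:SystemRoot $p.Substring(12)
    }
    elseif (-not [System.IO.Path]::IsPathRooted($p)) {
        # Relative values such as System32\drivers\x.sys are relative to SystemRoot
        $p = Join-Path $env:SystemRoot $p
    }
    return $p
}

Get-ChildItem $servicesKey | ForEach-Object {
    $props = Get-ItemProperty -Path $_.PSPath
    # Start = 0 is boot-start; Type 1 and 2 are kernel and file system drivers
    if ($props.Start -ne 0 -or $props.Type -notin 1, 2) { return }

    $path = Resolve-DriverPath -ImagePath $props.ImagePath -ServiceName $_.PSChildName
    $sig  = if (Test-Path -LiteralPath $path) { Get-AuthenticodeSignature -LiteralPath $path }

    [pscustomobject]@{
        Service = $_.PSChildName
        Path    = $path
        Status  = if ($sig) { $sig.Status } else { 'FileMissing' }
        Signer  = if ($sig) { $sig.SignerCertificate.Subject }
    }
} | Where-Object { $_.Status -ne 'Valid' } | Format-Table -AutoSize
```

An empty result means every boot-start driver on the host has a valid signature; any row returned is a candidate for closer inspection rather than proof of infection.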

Further technical details – https://blog.360totalsecurity.com/en/purple-fox-trojan-burst-out-globally-and-infected-more-than-30000-users/

Indicators Of Compromise

hxxp://216.250.99.5



Duncan

Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.
