"PurpleFox Malware Infected Thousands of Systems in Ukraine"

The Computer Emergency Response Team of Ukraine (CERT-UA) recently warned about a PurpleFox malware campaign that has infected at least 2,000 computers in the country. CERT-UA noted that the exact impact of this widespread infection, and whether it has affected state organizations or ordinary users' computers, has not yet been determined. PurpleFox (also known as "DirtyMoe") is a modular Windows botnet malware first spotted in 2018 that includes a rootkit module allowing it to hide and persist across device reboots. According to CERT-UA, it can act as a downloader that delivers more potent second-stage payloads to compromised systems, gives its operators backdoor capabilities, and functions as a distributed denial-of-service (DDoS) bot. CERT-UA monitored infected hosts between January 20 and 31, 2024, identifying 486 intermediate control server IP addresses, most of them located in China. The agency noted that removing PurpleFox is challenging because of its rootkit, but effective methods still exist to detect and uproot the malware.


BleepingComputer reports: "PurpleFox Malware Infected Thousands of Systems in Ukraine"

Submitted by Adam Ekwall on