Source |
TrendLabs Security |
Identifier |
1317863 |
Publication date |
2019-09-09 12:07:05 (viewed: 2019-09-10 19:00:06) |
Title |
'Purple Fox' Fileless Malware with Rootkit Component Delivered by Rig Exploit Kit Now Abuses PowerShell |
Text |
This new iteration of Purple Fox that we came across, also delivered by the Rig exploit kit, has a few new tricks up its sleeve. It retains its rootkit component by abusing publicly available code. It now also eschews NSIS in favor of abusing PowerShell, making Purple Fox capable of fileless infection. It has also incorporated additional exploits into its infection chain, most likely as a fallback mechanism to ensure that it can still infect the system. Purple Fox is a downloader malware; besides retrieving and executing cryptocurrency-mining threats, it can also deliver other kinds of malware.
|
Sent |
Yes |
Tags |
Malware
|
Stories |
|
Rating |
★★★★
|