An upgraded version of the Purple Fox malware, which has been around since 2018, has been observed in a new aggressive and expanding campaign. The malware historically relied on exploit kits and phishing emails to spread until recently when researchers found a weeks-long campaign that utilized the malware variant. The campaign is still ongoing, according to researchers. The campaign has revealed a new propagation method for Purple Fox leading to high infection tolls and a larger number of victims than its previous phishing and exploit kit techniques.
On Tuesday, Gaurdicore Labs released information on the malware, stating that it was being spread through indiscriminate port scanning and exploitation of exposed SMB services with weak passwords and hashes. Gaurdicore found that the malware began to increase its activity in May 2020. However, there was a short lull from November to January. According to Gaurdicore, overall infection numbers have raised by 600% and total attacks currently total 90,000.
Read More: Purple Fox malware evolves to propagate across Windows machines