Purple Fox | Breaking Cybersecurity News | The Hacker News

The operators of the  Purple Fox malware  have retooled their malware arsenal with a new variant of a remote access trojan called FatalRAT, while also simultaneously upgrading their evasion mechanisms to bypass security software. "Users' machines are targeted via trojanized software packages masquerading as legitimate application installers," Trend Micro researchers  said  in a report published on March 25, 2022. "The installers are actively distributed online to trick users and increase the overall botnet infrastructure." The findings follow  prior research  from Minerva Labs that shed light on a similar modus operandi of leveraging fraudulent Telegram applications to distribute the backdoor. Other disguised software installers include WhatsApp, Adobe Flash Player, and Google Chrome. These packages act as a first-stage loader, triggering an infection sequence that leads to the deployment of a second-stage payload from a remote server and culminating i...

Trojanized installers of the Telegram messaging application are being used to distribute the Windows-based Purple Fox backdoor on compromised systems. That's according to new research published by Minerva Labs, describing the attack as different from intrusions that typically take advantage of legitimate software for dropping malicious payloads. "This threat actor was able to leave most parts of the attack under the radar by separating the attack into several small files, most of which had very low detection rates by [antivirus] engines, with the final stage leading to Purple Fox rootkit infection," researcher Natalie Zargarov  said . First discovered in 2018, Purple Fox comes with rootkit capabilities that allow the malware to be planted beyond the reach of security solutions and evade detection. A March 2021 report from Guardicore  detailed  its worm-like propagation feature, enabling the backdoor to spread more rapidly. Then in October 2021, Trend Micro researche...

Organizations now use an average of 112 SaaS applications —a number that keeps growing. In a 2024 study, 49% of 644 respondents who frequently used Microsoft 365 believed that they had less than 10 apps connected to the platform, despite the fact that aggregated data indicated over 1,000+ Microsoft 365 SaaS-to-SaaS connections on average per deployment. And that's just one major SaaS provider. Imagine other unforeseen critical security risks: Each SaaS app has unique security configurations —making misconfigurations a top risk. Business-critical apps (CRM, finance, and collaboration tools) store vast amounts of sensitive data, making them prime targets for attackers. Shadow IT and third-party integrations introduce hidden vulnerabilities that often go unnoticed. Large and small third-party AI service providers (e.g. audio/video transcription service) may not comply with legal and regulatory requirements, or properly test and review code. Major SaaS providers also have thous...