Cybersecurity researchers have warned that fake Telegram Messenger installers are actively infecting Windows PCs with malware that can compromise your data while evading anti-virus programs.
Research from Minerva Labs, which was founded in 2014 by former Israeli military officers who served in elite cyber forces, reports that the Windows-based ‘Purple Fox’ backdoor is being delivered to compromised devices through fake Telegram installers.
“We discovered multiple malicious installers were dispersing the identical ‘Purple Fox’ rootkit version through the same attack vector,” researcher Natalie Zargarov said. “Some appear to have been delivered via email, while others we assume were downloaded from phishing websites.”
“This attack’s greatest feature is that each step is linked to a separate file, meaning that it is meaningless without the full collection of files. This aids in the attacker’s file protection against antivirus (AV) detection,” the researchers said.
After analysing the samples, they found that the threat actor had split the attack into many small files, most of which had very low detection rates by antivirus (AV) engines, “with the final stage leading to Purple Fox rootkit infection.” Splitting the chain this way allowed the threat actor to keep most of the attack hidden from detection.
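To make the evasion concrete, the following is an added example (not code from Minerva Labs, the article, or the Purple Fox samples themselves). It models a per-file signature scanner and shows why a payload split into many small stage files, each shorter than the pattern the scanner looks for, passes every individual scan yet is caught the moment the stages are reassembled, which is what the final loader stage does. The signature string and the payload bytes are constructed for the demo and are not real Purple Fox indicators.

```python
"""Why a multi-stage, split-file dropper defeats per-file signature scanning.

Constructed demo: SIGNATURE and the sample payload are made-up byte strings,
not real Purple Fox indicators. The scanner is a deliberately simple
substring matcher standing in for a per-file AV signature check.
"""
from typing import Dict

# Hypothetical AV signature: the byte pattern a scanner looks for in each file.
SIGNATURE = b"MALICIOUS_STAGE_MARKER"  # 22 bytes, constructed for this demo


def scan_file(data: bytes, signature: bytes = SIGNATURE) -> bool:
    """Per-file scan: flag the file only if the whole signature appears in it."""
    return signature in data


def split_into_stages(payload: bytes, chunk_size: int) -> Dict[str, bytes]:
    """Split one payload into numbered stage files, mimicking a staged dropper.

    With chunk_size < len(SIGNATURE), no single stage can hold the full
    pattern, so each file on its own is meaningless to the scanner.
    """
    count = (len(payload) + chunk_size - 1) // chunk_size
    return {
        f"stage{i:02d}.bin": payload[i * chunk_size:(i + 1) * chunk_size]
        for i in range(count)
    }


def scan_each_stage(stages: Dict[str, bytes]) -> Dict[str, bool]:
    """What a file-by-file AV pass sees: one verdict per dropped file."""
    return {name: scan_file(data) for name, data in stages.items()}


def reassemble(stages: Dict[str, bytes]) -> bytes:
    """Join the stages in numbered order, as the final loader stage would."""
    return b"".join(stages[name] for name in sorted(stages))


def scan_reassembled(stages: Dict[str, bytes]) -> bool:
    """Scan the assembled artifact instead of the individual fragments."""
    return scan_file(reassemble(stages))


if __name__ == "__main__":
    # Constructed payload: framing bytes around the signature.
    sample_payload = b"HEADER" + SIGNATURE + b"TRAILER"
    # 8-byte chunks are shorter than the 22-byte signature, so it always straddles files.
    dropped = split_into_stages(sample_payload, chunk_size=8)
    print("per-file verdicts:", scan_each_stage(dropped))   # every stage: False
    print("reassembled verdict:", scan_reassembled(dropped))  # True
```

The per-file pass returns False for every stage while the reassembled scan returns True. The practical lesson matches the researchers' description: static, per-file verdicts are weak against a chain of fragments, so detection has to look at the assembled artifact, at what the loader does in memory, or at the behaviour that ties the fragments together (one installer writing and then executing several small files in sequence).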
The malware, known as “Purple Fox,” was first identified in 2018 and has rootkit capabilities that let it hide from anti-virus programs, according to thehackernews.com.