News Tech and Science

Fake Telegram Messenger apps are used for hacking devices with lethal malware that evades anti-virus

Fake Telegram Messenger apps
Source: Pixabay

According to cyber-security researchers, fake Telegram Messenger apps are currently hacking devices, including PCs, with a Windows-based malware that can put your information at risk because it evades the installed anti-virus systems.

According to a report by Minerva Labs, which was founded in 2014 by former Israeli Defense Forces officers who served in elite cyber forces, fake Telegram messaging app installers are being used to distribute the Windows-based ‘Purple Fox’ backdoor on compromised systems.

“We found a large number of malicious installers delivering the same ‘Purple Fox’ rootkit version using the same attack chain. It seems like some were delivered via email, while others we assume were downloaded from phishing websites,” said researcher Natalie Zargarov.

“The beauty of this attack is that every stage is separated to a different file which is useless without the entire file set. This helps the attacker protect his files from AV (anti-virus) detection,” the researcher informed.

During the investigation, they discovered that the threat actor was able to avoid detection by dividing the attack into several small files, the majority of which had very low detection rates by (antivirus) engines, “with the final stage leading to Purple Fox rootkit infection.”

‘Purple Fox,’ discovered in 2018, has rootkit capabilities that allow the malware to be planted beyond the reach of anti-virus solutions, according to thehackernews.com.

Trend Micro researchers discovered a.NET implant called FoxSocket that was used in conjunction with Purple Fox in October 2021.

“The rootkit capabilities of Purple Fox make it more capable of carrying out its objectives in a stealthier manner,” the researchers noted.

“They allow Purple Fox to persist on affected systems as well as deliver further payloads to affected systems.”

Zargarov stated that threat actors have frequently been observed using legitimate software to drop malicious files.

“This time, however, is different. This threat actor was able to leave most parts of the attack under the radar by separating the attack into several small files, most of which had very low detection rates by AV engines, with the final stage leading to Purple Fox rootkit infection, the researcher noted.

About the author

Brendan Byrne

While studying economics, Brendan found himself comfortably falling down the rabbit hole of restaurant work, ultimately opening a consulting business and working as a private wine buyer. On a whim, he moved to China, and in his first week following a triumphant pub quiz victory, he found himself bleeding on the floor based on his arrogance. The same man who put him there offered him a job lecturing for the University of Wales in various sister universities throughout the Middle Kingdom. While primarily lecturing in descriptive and comparative statistics, Brendan simultaneously earned an Msc in Banking and International Finance from the University of Wales-Bangor. He's presently doing something he hates, respecting French people. Well, two, his wife and her mother in the lovely town of Antigua, Guatemala.




Daily Newsletter