A malicious Telegram installer is being used by criminals as bait to install the Purple Fox malware. As is usual with infections of this type, the goal is to open a gateway into compromised systems: the malware installs itself in the operating system, profiles the machine, and downloads further malicious components from attacker-controlled servers depending on what it finds.
The target is the Windows operating system, but according to the Minerva Labs researchers who made the discovery, the distribution vector has not yet been identified. Whatever it is, the idea is to trick users into downloading a trojanized Telegram installer that never actually launches the messenger. What runs instead is the malware, which installs itself on the system and creates registry entries to establish persistence, so that it runs every time the computer is turned on.
Among the actions taken after infection is the disabling of UAC (User Account Control), the Windows component that, among other things, prompts the user before software is installed or other privileged changes are made. Purple Fox can also disable antivirus solutions, and it connects to a server under the criminals' control, first sending information such as the installed applications, Windows version, geolocation, and other details useful for the next stages of the infection.
With those protections gone, the malware is able to obtain administrator privileges on the system and control other aspects of the platform. Capabilities the researchers point to include tampering with installed software, stealing data and files, and moving laterally to other devices on the same network.
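The two behaviours described above, autorun persistence through registry entries and UAC being switched off, are things an administrator can check for directly. The following PowerShell script is an added example written for this page; it is not from the Minerva Labs report and contains no Purple Fox-specific indicators. It enumerates the standard Run/RunOnce keys, reports whether each autorun executable carries a valid Authenticode signature, and reads the UAC policy values. Run it from an elevated prompt; the key list and the "elevate without prompting" threshold are generic Windows facts, not indicators taken from the report.

```powershell
# Added example, not from the article or from Minerva Labs: triage a Windows host
# for autorun persistence and disabled UAC. Run from an elevated PowerShell prompt.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutorunEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Skip the provider metadata that Get-ItemProperty adds to every object.
            if ($p.Name -in 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider') { continue }
            $cmd = [string]$p.Value
            # Best-effort extraction of the executable path from the command line:
            # a quoted path first, otherwise the first whitespace-delimited token.
            if ($cmd -match '^"([^"]+)"') { $exe = $Matches[1] } else { $exe = ($cmd -split '\s+')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            $sig = 'FileNotFound'
            if (Test-Path -LiteralPath $exe) {
                $sig = (Get-AuthenticodeSignature -FilePath $exe).Status
            }
            [pscustomobject]@{
                Key       = $key
                Name      = $p.Name
                Command   = $cmd
                Signature = $sig   # Valid, NotSigned, HashMismatch, ... or FileNotFound
            }
        }
    }
}

function Test-UacDisabled {
    $pol = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    # EnableLUA = 0 turns UAC off entirely; ConsentPromptBehaviorAdmin = 0 makes
    # elevation happen silently, which is just as useful to malware.
    return ($pol.EnableLUA -eq 0) -or ($pol.ConsentPromptBehaviorAdmin -eq 0)
}

# Unsigned or missing autorun binaries deserve a closer look; signed ones are not
# automatically safe, but the signer name narrows the search quickly.
Get-AutorunEntries | Sort-Object Signature | Format-Table -AutoSize
if (Test-UacDisabled) {
    Write-Warning 'UAC is disabled or configured to elevate without prompting.'
}
```

This only covers the Run/RunOnce keys the script lists; scheduled tasks, services and WMI subscriptions are other common persistence locations and are not checked here.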
How to protect yourself?
While the infection vector is still unknown, similar campaigns have already used YouTube videos and forum posts to reach victims. There are also reports of spam sent by email, messaging apps, or forums, promising improved versions of software or modifications that add features.
The main recommendation, then, is to avoid downloading applications from anywhere other than official, recognized websites and services. The advice applies in general, but in this specific case Telegram should be installed only from the Windows application store or from the messenger's official page. It is also worth keeping security software and the operating system itself up to date, as this helps protect against the most common threats.
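Downloading from the official site is the first line of defence, but a downloaded installer can also be checked before it is run. The PowerShell snippet below is an added example for this page, not code from the article or from Telegram: it verifies the Authenticode signature on the installer and compares the signer with an expected publisher name. The file name in $installer and the publisher string in $expectedSubject are assumptions; compare the latter against the signer shown on an installer obtained directly from the official site before relying on it.

```powershell
# Added example, not from the article: verify a downloaded installer before running it.
$installer       = "$env:USERPROFILE\Downloads\tsetup-x64.exe"   # assumed file name
$expectedSubject = 'Telegram FZ-LLC'                             # assumed publisher name

function Test-InstallerSignature {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Subject
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "File not found: $Path"
        return $false
    }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    # Anything other than Valid (NotSigned, HashMismatch, NotTrusted, ...) is a stop sign.
    if ($sig.Status -ne 'Valid') {
        Write-Warning "Signature status is '$($sig.Status)'; do not run this file."
        return $false
    }
    # A valid signature from the wrong publisher is still the wrong installer.
    $signer = $sig.SignerCertificate.Subject
    if ($signer -notlike "*CN=$Subject*") {
        Write-Warning "Signed, but by '$signer' rather than the expected publisher."
        return $false
    }
    # Record the hash so the file can be matched against a known-good copy later.
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    Write-Output "Valid signature from $Subject; SHA256 $hash"
    return $true
}

Test-InstallerSignature -Path $installer -Subject $expectedSubject
```

A trojanized installer distributed through a third-party link will typically be unsigned or signed under a different name, which is exactly what this check surfaces; it does not protect against a compromised official distribution channel.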
Source: Minerva Labs