‘Purple Fox’ Hackers Used Unique FatalRAT Variant During Latest Malware Attacks

The Purple Fox malware’s operators have upgraded their malware inventory with a new edition of a remote access trojan named FatalRAT, as well as its evasion strategies to get around security products.

“Trojanized software packages posing as legal application installers” are used to attack users’ machines, according to Trend Micro researchers in a report released on March 25, 2022. “The installers are widely distributed online to deceive users and expand the botnet’s overall infrastructure.”

What Exactly is FatalRAT?

FatalRAT is a remote access trojan with a wide range of features that an attacker can use remotely. Before fully infecting a system, the malware performs a series of tests, including checking for the presence of various virtual machine products, storage space, the number of physical CPUs, and more.

According to the researchers, the RAT is responsible for loading and running the auxiliary modules based on the checks performed on the victim system. Changes may occur if specified [antivirus] agents are running or if certain registry keys are identified. The auxiliary modules are designed to help the group achieve its specific goals.


Purple Fox

Purple Fox, which includes a rootkit module, also has support for five distinct actions, including deleting and copying files from the kernel and evading antivirus engines by intercepting file system calls.

The findings come in the wake of recent disclosures by cybersecurity firm Avast, which highlighted a new campaign in which the Purple Fox exploitation framework was used as a distribution channel for another botnet known as DirtyMoe.

The Purple Fox botnet’s operators are still active, according to researchers. They are routinely updating their arsenal with new software and refining the malware variants they already have. They are also attempting to expand their signed rootkit arsenal for [antivirus] evasion by targeting detection techniques with customized signed kernel drivers.
