Researchers say a botnet targeting Windows-based devices is growing exponentially in size due to a new infection method that allows the malware to spread from computer to computer.
Known as Purple Fox, the malware was first noticed in 2018 and has been spreading via phishing emails and exploit kits, a method many threat groups use to infect devices through known security flaws.
Recently, researchers Amit Serper and Ophir Harpaz of security firm Guardicore released a blog post revealing the new infection method. They stated that the malware now targets internet-facing Windows devices with weak passwords, which gives it the opportunity to spread quickly.
The updated malware tries to enter Windows systems by guessing weak user passwords over Server Message Block (SMB), the component that lets Windows communicate with other devices, such as printers and file servers. If that isn't bad enough for you, it sadly gets worse.
Once the malware gains access to a vulnerable computer, it pulls its malicious payload from a network of over 2,000 older, compromised Windows web servers and silently installs a rootkit, which keeps it anchored to your computer while making it nearly undetectable and hard to remove. Once it has infected your system, it closes the firewall ports it used to get in. This prevents reinfection and keeps other threat groups from hacking your already hacked system.
Sadly, this botnet is even worse than a bad relationship. The malware then generates lists of internet addresses and scans them for vulnerable devices with weak passwords like yours to infect further, creating an endless, constantly growing network of captured devices. This lets attackers set it and forget it while they develop more creative ways to ruin our days.
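Two of the behaviours described above, password guessing against SMB and an infected host scanning outward for more victims, leave traces a defender can look for. The script below is an added example, not code from this article or from Guardicore. It runs over constructed sample log lines in an assumed `key=value` format that a hypothetical log forwarder might emit, flagging sources that rack up failed network logons (Windows Security event 4625 with logon type 3, which is what a failed SMB authentication produces) and hosts that reach out to many distinct addresses on TCP port 445. The thresholds are assumptions to be tuned for a real environment.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: Windows Security event 4625 (failed logon) records,
# flattened to one line each by a hypothetical log forwarder. LogonType=3
# is a network logon; LogonType=2 is someone typing at the console.
FAILED_LOGONS = """\
2021-03-23T10:00:01Z event=4625 LogonType=3 Account=administrator Source=198.51.100.7
2021-03-23T10:00:04Z event=4625 LogonType=3 Account=admin Source=198.51.100.7
2021-03-23T10:00:09Z event=4625 LogonType=3 Account=guest Source=198.51.100.7
2021-03-23T10:00:15Z event=4625 LogonType=3 Account=user Source=198.51.100.7
2021-03-23T10:00:22Z event=4625 LogonType=3 Account=test Source=198.51.100.7
2021-03-23T10:00:30Z event=4625 LogonType=3 Account=backup Source=198.51.100.7
2021-03-23T10:05:00Z event=4625 LogonType=3 Account=jsmith Source=192.0.2.9
2021-03-23T10:40:00Z event=4625 LogonType=3 Account=jsmith Source=192.0.2.9
2021-03-23T10:41:00Z event=4625 LogonType=2 Account=jsmith Source=192.0.2.9
"""

# Constructed sample: outbound connection attempts from a host-based firewall
# log. WS01 sweeps twelve addresses on TCP 445 in twelve seconds; WS02 does
# ordinary HTTPS traffic plus two legitimate file-server connections.
OUTBOUND = "\n".join(
    f"2021-03-23T11:00:{i:02d}Z host=WS01 dst=203.0.113.{i} dport=445"
    for i in range(1, 13)
) + "\n" + """\
2021-03-23T11:00:05Z host=WS02 dst=203.0.113.50 dport=443
2021-03-23T11:00:06Z host=WS02 dst=203.0.113.51 dport=443
2021-03-23T11:00:07Z host=WS02 dst=10.0.0.20 dport=445
2021-03-23T11:00:08Z host=WS02 dst=10.0.0.21 dport=445
"""


def parse_line(line):
    """Split 'timestamp key=value key=value ...' into a dict.

    The timestamp is parsed into a datetime under the key 'ts'.
    """
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return rec


def find_password_guessing(log, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: peak_count} for sources with at least `threshold`
    failed network logons inside any span of length `window`.

    Interactive failures (LogonType 2) are ignored: a user mistyping at the
    console is not remote password guessing.
    """
    times = defaultdict(list)
    for line in log.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec.get("event") == "4625" and rec.get("LogonType") == "3":
            times[rec["Source"]].append(rec["ts"])

    hits = {}
    for src, stamps in times.items():
        stamps.sort()
        peak = 0
        # Sliding window: for each failure, count the failures that follow it
        # within `window`, and keep the largest such count.
        for i, start in enumerate(stamps):
            count = sum(1 for t in stamps[i:] if t - start <= window)
            peak = max(peak, count)
        if peak >= threshold:
            hits[src] = peak
    return hits


def find_smb_scanners(log, min_targets=10):
    """Return {host: distinct_destinations} for hosts that attempted
    connections to at least `min_targets` different addresses on TCP 445."""
    targets = defaultdict(set)
    for line in log.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec.get("dport") == "445":
            targets[rec["host"]].add(rec["dst"])
    return {h: len(d) for h, d in targets.items() if len(d) >= min_targets}


if __name__ == "__main__":
    print("Password guessing from:", find_password_guessing(FAILED_LOGONS))
    print("Outbound SMB scanning by:", find_smb_scanners(OUTBOUND))
```

Run as-is, it reports `198.51.100.7` (six failures in thirty seconds) as the guessing source and `WS01` (twelve distinct targets on port 445) as the scanning host, while the two stray failures from `192.0.2.9` and WS02's two file-server connections stay below the thresholds. In practice the first detector is what you would point at an internet-facing host's security log, and the second is the one that tells you a machine inside your network has already been captured and is hunting for the next victim.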
Obviously, it's working, because Purple Fox infections have shot up a staggering 600% since May 2020, and infection numbers are more than likely higher than that.
Sadly, even Guardicore has no clue as to the intention behind this threat, with Serper saying, "We assume that this is laying the groundwork for something in the future." Guardicore has published a list of indicators to help network defenders identify whether they've been infected. With that said, stay vigilant, my friends, and please change that weak password; you know which ones I'm talking about, the ones that are usually [insert last name here] plus 123. Stop that!