Users should be careful when downloading Telegram for desktop. Researchers recently discovered a hacking scheme that pretends to be the legitimate Telegram installers but drops malicious files instead. Even worse, this Purple Fox malware threat is hard to detect once installed.
Adding malicious files in counterfeit installers is a popular hacking strategy. However, researchers have raised the alert against the newly discovered threat. They explained that Purple Fox is a highly sophisticated malware that launches multiple attacks.
Telegram Installers Infected by Purple Fox Malware
Experts from Minerva explained the steps of the attack. They emphasized that the threat has a very low detection rate because it separates the attack into several small files. The final stage of the attack leads to rootkit infection.
The malicious Telegram installer is a compiled AutoIt script called "Telegram Desktop.exe." Once installed, the AutoIt script creates a new folder called "TextInputh" on the file path "C:UsersUsernameAppDataLocalTemp."
The file drops a legitimate Telegram installer, which fools users with its authenticity. While users download their Telegram, the malware also starts downloading small but dangerous files.
Two of these dangerous files will be hidden in a new folder named "1640618495" on file path "C:UsersPublicVideos directory." These files will ensure that any other malicious payloads downloaded and executed will be undetected to 360 AV. After everything is discreetly executed, the hacker should have backend access to an infected device.
Minerva researchers said they found a number of malicious installers using the same strategy. They said Purple Fox malware is also being delivered via emails and phishing websites. Although there are indicators for the attack, a lot of other users might be unaware that their device is already being infected.
How to Stay Safe Against Purple Fox Malware
Scams and malware attacks are becoming more frequent in these last few months. This is because malicious attackers are taking advantage of the digital systems due to the digital lifestyle amid the pandemic. Users are recommended to be responsible for their own safety by watching out for indicators of malware.
According to an earlier article, most scam strategies are delivered to end-users via mobile virus scams, SMS phishing and voice mail scams. Also, be warned that dangerous links from suspicious internet websites can be an inventory for malicious files.
Users should watch out for three scam strategies that try to entice users to download a malicious file. These are:
- Urgency or threat: Scammers often take advantage of users' fears by using topics like "your account has been hacked" or "the offer will soon expire."
- Empathy: Scammers use this strategy to make it hard for a user to reject the request. This strategy uses tactics like "one-click installation" or "easy access" to premium services.
- Grand promises: On the flip side of the first strategy, scammers try to appease users with deals that are too good to be true. These are topics like "winning a new promo" or a "special discount."
Whenever users face this kind of offers, they are recommended to ignore it. Instead, only download necessary files from the internet from secure and legitimate websites.
Related Article: Ethereum Users Fall Victim to EtherWrapped Scam; Lose Over $200,000 After YEAR Token Airdrop