Beware: Fake Telegram Apps Spreading Lethal Malware
Cyber-security researchers have issued a warning about fake Telegram Messenger apps currently circulating, which pose a severe threat to devices, including PCs. These fraudulent applications carry Windows-based malware that can compromise your data and evade installed anti-virus systems.
The Threat Unveiled
According to findings by Minerva Labs, established by former Israeli Defence Forces officers with elite cyber force experience, fake installers of Telegram Messenger are being used to distribute the ‘Purple Fox’ backdoor on compromised systems. Natalie Zargarov, a researcher involved in the investigation, highlighted the sophistication of this attack, in which malicious installers deliver the ‘Purple Fox’ rootkit through various channels such as email or phishing websites.
Stealthy Attack Strategy
The attack’s intricacy lies in its segmented approach, with each stage encapsulated in a separate file. This segmentation aims to bypass anti-virus detection, as each individual file appears harmless on its own. Zargarov emphasized that the final stage of the attack, culminating in the Purple Fox rootkit infection, remained particularly elusive to detection mechanisms.
The Menace of Purple Fox
‘Purple Fox’, initially identified in 2018, possesses rootkit capabilities, enabling it to embed itself beyond the detection reach of traditional anti-virus solutions. Trend Micro researchers discovered that Purple Fox was often deployed alongside a .NET implant named FoxSocket, enhancing its stealth and persistence on affected systems.
Evolving Tactics
Threat actors are adapting their tactics, leveraging legitimate software as a vector for deploying malicious payloads. The segmentation strategy observed in this attack, however, represents a notable escalation in evasion techniques. By fragmenting the attack into smaller files with minimal detection rates, the threat actors keep their malicious intent hidden until the final, critical stage.
In conclusion, the emergence of fake Telegram Messenger apps harboring the Purple Fox malware underscores the evolving sophistication of cyber threats. It highlights the need for heightened vigilance and robust cybersecurity measures to mitigate such risks effectively.