Purple Fox Rootkit Now Propagates as a Worm

The Guardicore Labs Team is a global research group, consisting of hackers, cybersecurity researchers, and industry experts.

by Amit Serper and Ophir Harpaz

Executive Summary

- Purple Fox is an active malware campaign targeting Windows machines.
- Up until recently, Purple Fox’s operators infected machines by using exploit kits and phishing emails.
- Guardicore Labs have identified a new infection vector of this malware in which internet-facing Windows machines are being breached through SMB password brute force.
- Guardicore Labs have also identified Purple Fox’s vast network of compromised servers hosting its dropper and payloads. These servers appear to be compromised Microsoft IIS 7.5 servers.
- The Purple Fox malware includes a rootkit that allows the threat actors to hide the malware on the machine and make it difficult to detect and remove.…