AskCyberSecurity.com

Cyber Security News & Information

Purple Fox Uses Weak Windows Passwords in New Worm-Like Attacks

2021-04-21 by Grace Choi

A 2018 Malware is Using a New Approach to Infect Windows Devices

What is Purple Fox?

Purple Fox is malware first discovered in 2018. It targets Windows machines and originally relied on exploit kits and phishing emails to infect them. An exploit kit gathers information on the victim machine, detects vulnerabilities, and uses this information to determine the appropriate approach for delivering and deploying the malware.

New Attack Method

Now, Purple Fox has re-emerged with a new infection vector: it breaks in through weak SMB passwords, with no user interaction required. This is troubling because, no matter how cautious individuals are about opening emails from unfamiliar sources, malicious parties are still able to infect devices. This approach was used in last year’s Banco BCR ransomware attack, with claims that payment card information had been stolen.

Guardicore Labs has identified Purple Fox’s network of compromised servers hosting payloads, which appear to be Microsoft IIS 7.5 servers. The malware includes a rootkit, which hides it on the infected machine and makes it difficult to detect and remove. The infection itself is made possible by weak passwords used over the SMB (Server Message Block) protocol.

SMB is used by Windows computers to communicate with other network devices (e.g., printers and file servers). Active Directory users also use the SMB protocol with their Active Directory password. Common passwords used by Purple Fox include, but are not limited to, the following:

  1. 123
  2. Aa123456
  3. password
  4. 1qaz2wsx
  5. 12345678
  6. a123456
  7. password1
  8. abc123
  9. 111111111
  10. welcome
  11. 1234567890
  12. 111111
  13. 654321
  14. 123456789a
  15. princess
  16. 1q2w3e4r
  17. 888888
  18. dragon
  19. 112233
  20. iloveyou

While Purple Fox’s prior methods (phishing and exploit kits) require some user interaction to initiate, the new SMB attack method does not require this interaction. These brute force attacks are versatile, and they would make accounts with reused passwords easy targets.
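
Because the SMB vector needs no user interaction, failed network logons are where defenders can see it. The following detection sketch is an added example, not code from the article or from Guardicore Labs: it assumes Windows Security events 4625 (failed logon) and 4624 (successful logon) with logon type 3 have been exported to a simple CSV layout, and the field order, threshold, window and sample records are all constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real telemetry), one per line:
# time, event ID, logon type, source address, target account.
# 4625 = failed logon, 4624 = success, logon type 3 = network logon (as from SMB).
SAMPLE_EVENTS = """\
2021-04-21T10:00:01,4625,3,198.51.100.7,administrator
2021-04-21T10:00:02,4625,3,198.51.100.7,administrator
2021-04-21T10:00:03,4625,3,198.51.100.7,admin
2021-04-21T10:00:04,4625,3,198.51.100.7,admin
2021-04-21T10:00:05,4625,3,198.51.100.7,backup
2021-04-21T10:00:06,4625,3,198.51.100.7,backup
2021-04-21T10:00:09,4624,3,198.51.100.7,backup
2021-04-21T10:01:00,4625,3,192.0.2.20,alice
2021-04-21T10:01:20,4624,3,192.0.2.20,alice
2021-04-21T10:05:00,4625,3,203.0.113.9,svc
2021-04-21T10:10:00,4625,3,203.0.113.9,svc
2021-04-21T10:15:00,4625,3,203.0.113.9,svc
2021-04-21T10:20:00,4625,3,203.0.113.9,svc
2021-04-21T10:25:00,4625,3,203.0.113.9,svc
"""

def parse(text):
    for line in text.strip().splitlines():
        ts, event_id, logon_type, src, user = line.split(",")
        yield datetime.fromisoformat(ts), int(event_id), int(logon_type), src, user

def detect_smb_bruteforce(text, threshold=5, window=timedelta(seconds=60)):
    """Flag sources with >= threshold failed network logons inside the window."""
    recent = defaultdict(deque)  # source -> (time, account) of recent failures
    alerts = {}
    for ts, event_id, logon_type, src, user in sorted(parse(text)):
        if logon_type != 3:      # only network logons are relevant here
            continue
        fails = recent[src]
        while fails and ts - fails[0][0] > window:
            fails.popleft()      # drop failures that fell out of the window
        if event_id == 4625:
            fails.append((ts, user))
            if len(fails) >= threshold:
                hit = alerts.setdefault(src, {"failures": 0, "accounts": set(), "compromised": set()})
                hit["failures"] = max(hit["failures"], len(fails))
                hit["accounts"].update(u for _, u in fails)
        elif event_id == 4624 and src in alerts:
            # A success from an already-flagged source suggests a guessed password.
            alerts[src]["compromised"].add(user)
    return alerts
```

On the sample data only the first source is flagged; a single mistyped password and a handful of failures spread over twenty minutes stay below the threshold, so real deployments need the window and threshold tuned to their own baseline.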

A Warning to the General Public

It is easy to forget new passwords, and people often use the same password across multiple online accounts, especially for accounts that may not necessarily be directly connected to financial or otherwise “important accounts.” However, using the same password more than once on different sites opens individuals up for these attacks. If one site is breached and users’ passwords are stolen, it would be easy work for threat actors to run the same passwords through other popular websites to steal personal information which can then be used in other phishing or hacking campaigns.

A reliable password app will help create and store unique passwords for all online accounts.

Personal information is used to bypass multi-factor authentication processes, which protect more secure accounts such as banking or government assistance. It is also used to reset passwords and set up multi-factor authentication processes, which would lock individuals out of their accounts.

It is common to save passwords onto our browsers and reuse easily remembered passwords, but as attackers get more creative with their approaches, it becomes more important to create random, strong passwords for each account and avoid the most common passwords used across the board.
