Fake Telegram apps pose threat to Windows users

Fake Telegram apps pose a significant risk to Windows users. It has been reported that an inauthentic version of the messaging app can compromise your devices and your data. According to cybersecurity researchers, the fake app is capable of bypassing antivirus systems.

According to Minerva Labs, fake Telegram app installers are widely distributed on the Internet. They are said to be used to distribute the Windows-based ‘Purple Fox’ backdoor on compromised systems.

“We found a large number of malicious installers delivering the same ‘Purple Fox’ rootkit version using the same attack chain. It seems like some were delivered via email, while others we assume were downloaded from phishing websites. The beauty of this attack is that every stage is separated into a different file which is useless without the entire file set. This helps the attacker protect his files from AV (antivirus) detection,” the researcher noted in the blog.

Purple Fox was first discovered in 2018. It appears to be one of the most malicious pieces of malware, capable of infiltrating a system beyond the reach of security solutions and evading detection. Once inside the system, it allows the backdoor to spread more quickly. According to the security researcher, such threat actors use legitimate software to drop malicious files.

“This time, however, is different. This threat actor was able to leave most parts of the attack under the radar by separating the attack into several small files, most of which had very low detection rates by AV engines, with the final stage leading to Purple Fox rootkit infection,” the researcher said.

 

 
