The MalwareHunterTeam and Minerva Labs have been hot on the heels of the latest malware intrusions in mobile and PC apps. Their latest discovery is called Purple Fox, which contains small files with malicious code that look like a normal Telegram installation. When you attempt to open the messaging app, the Trojan infects your device instead.
According to the researchers at Minerva Labs, using smaller files in a rootkit installation makes the malware harder to detect. When you try to install the app, the malware is released in stages. For now, the Trojan Telegram file is only available for PC desktops, but who knows how long it will be before they try the same tactic on mobile phones.
Purple Fox works by creating folders on your PC that look like legitimate files for a Telegram installation. While the process is underway, disguised files communicate with a server to download malicious content. After installing an unarchiver and extracting files, it executes a command line to release the Trojan, which infects your registry.
You can read the entire Purple Fox process on Minerva Labs’ blog. Suffice it to say that, as soon as this Trojan hits your files and registry, it causes a tremendous amount of damage that’s hard to undo. Some anti-malware programs may not even be aware of the malware yet, so make sure your virus library remains up to date.
In the meantime, make sure you only download Telegram for your PC from reliable sources.