Gandalf_The_Grey
A malicious Telegram for Desktop installer distributes the Purple Fox malware to install further malicious payloads on infected devices.
The installer is a compiled AutoIt script named "Telegram Desktop.exe" that drops two files: an actual Telegram installer and a malicious downloader.
While the legitimate Telegram installer dropped alongside the downloader isn't executed, the AutoIt program does run the downloader (TextInputh.exe).
At this time, it is unknown how the malware is being distributed, but similar malware campaigns impersonating legitimate software were distributed via YouTube videos, forum spam, and shady software sites.
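A triage heuristic for the dropper behaviour described in the post, as an added example that is not part of the original post: it flags a process that writes several executables, runs at least one of them, and leaves another untouched as a decoy. The event layout (simplified Sysmon FileCreate/ProcessCreate records), paths, PIDs and the names `legit_installer.exe` and `vendor_setup.exe` are constructed assumptions; only "Telegram Desktop.exe" and "TextInputh.exe" come from the post.

```python
from collections import defaultdict
from ntpath import basename  # parses Windows paths on any OS

TMP = r"C:\Users\u\AppData\Local\Temp"  # constructed path
# Constructed events: id 11 = file created by `pid`, id 1 = process started by `ppid`.
SAMPLE_EVENTS = [
    # Dropper from the post: writes two executables, starts only the downloader.
    {"id": 11, "pid": 4120, "image": r"C:\Users\u\Downloads\Telegram Desktop.exe",
     "target": TMP + r"\legit_installer.exe"},
    {"id": 11, "pid": 4120, "image": r"C:\Users\u\Downloads\Telegram Desktop.exe",
     "target": TMP + r"\TextInputh.exe"},
    {"id": 1, "pid": 5300, "ppid": 4120, "image": TMP + r"\TextInputh.exe"},
    # Benign comparison: an installer that runs everything it unpacks.
    {"id": 11, "pid": 6200, "image": r"C:\Users\u\Downloads\vendor_setup.exe",
     "target": TMP + r"\helper_a.exe"},
    {"id": 11, "pid": 6200, "image": r"C:\Users\u\Downloads\vendor_setup.exe",
     "target": TMP + r"\helper_b.exe"},
    {"id": 1, "pid": 6301, "ppid": 6200, "image": TMP + r"\helper_a.exe"},
    {"id": 1, "pid": 6302, "ppid": 6200, "image": TMP + r"\helper_b.exe"},
]

def find_decoy_droppers(events):
    """Return a finding for each process that ran some, but not all, of the .exe files it dropped."""
    dropped = defaultdict(dict)   # dropper pid -> {lowercased path: original path}
    launched = defaultdict(set)   # parent pid -> lowercased image paths it started
    dropper_name = {}
    for ev in events:
        if ev["id"] == 11 and ev["target"].lower().endswith(".exe"):
            dropped[ev["pid"]][ev["target"].lower()] = ev["target"]
            dropper_name[ev["pid"]] = basename(ev["image"])
        elif ev["id"] == 1:
            launched[ev["ppid"]].add(ev["image"].lower())
    findings = []
    for pid, files in sorted(dropped.items()):
        ran = sorted(basename(p) for k, p in files.items() if k in launched[pid])
        idle = sorted(basename(p) for k, p in files.items() if k not in launched[pid])
        if ran and idle:  # mixed outcome: something executed, something left as a decoy
            findings.append({"dropper": dropper_name[pid], "pid": pid,
                             "executed": ran, "never_run": idle})
    return findings

if __name__ == "__main__":
    for finding in find_decoy_droppers(SAMPLE_EVENTS):
        print(finding)
```

Legitimate installers can also leave unpacked executables unrun, so treat a hit as a lead to correlate with signer and network telemetry rather than a verdict.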
