BleepingComputer cybersecurity experts: Threat actors exploit CVE-2021-20038 to execute code as the 'nobody' user on compromised appliances.
Purple Fox is delivered by a Telegram installer for desktop. The malware is downloaded and activated by one of the two files contained within the executable. The goal: to reduce the chance of being detected and stopped.
Purple Fox is the final malware downloaded to the victim's computer at the end of a process that starts from the Telegram desktop installer, as cybersecurity researcher MalwareHunterTeam discovered. To reduce the chance of the final payload being detected, the cybercrime actors behind the operation placed two files inside the executable: the real Telegram and a malicious loader. The latter, as the Minerva Labs cybersecurity experts report on their blog, extracts and installs the malware along with anti-detection and persistence mechanisms.
Additional samples detected by JAMESWT