Ukraine's Computer Emergency Response Team (CERT-UA) has identified more than 2,000 computers across the country compromised in a widespread attack campaign delivering PurpleFox, also known as DirtyMoe, a modular Windows botnet payload that can be used to deploy further payloads and to carry out distributed denial-of-service attacks, BleepingComputer reports.
Most of the 486 intermediate control server IP addresses observed on PurpleFox-infected computers between Jan. 20 and 31 originated from China, according to CERT-UA, which is tracking the activity as UAC-0027 and did not provide further details on the campaign's scope. It did, however, give organizations several recommendations for identifying a potential PurpleFox compromise, including reviewing network connections to "high" ports and checking whether the payload has established persistent execution.
Organizations with confirmed infections were advised to remove all affected modules using Avast's free antivirus tool, enable the Windows firewall, and block traffic on certain ports to prevent reinfection.