Attackers Test Weak Passwords in Purple Fox Malware Attacks

Published: 23/11/2024   Category: security




Researchers share a list of passwords that Purple Fox attackers commonly brute force when targeting the SMB protocol.



Weak passwords used over the Windows Server Message Block (SMB) protocol are often part of attacks that result in the spread of Purple Fox malware, Specops researchers report.
Purple Fox, first detected in 2018, is a malware campaign that targets Windows machines. Until recently, its operators used phishing emails and various privilege escalation exploits to target Internet Explorer and Windows devices. However, in late 2020 and early 2021, a new infection vector began to infect Internet-facing Windows devices through SMB password brute force.
While Purple Fox's functionality didn't change post-exploitation, its distribution method caught the eye of Guardicore researchers. The team observing Purple Fox describes a hodge-podge of vulnerable and compromised machines hosting the initial payload, infected devices serving as nodes of worm campaigns, and server infrastructure believed to be related to other malware campaigns.
There are multiple ways Purple Fox can start spreading. In some attacks, the worm payload is executed after a target is compromised through an exposed service, such as SMB; these services are targeted with weak passwords and hashes. In other attacks, the worm is sent through a phishing email that exploits a browser vulnerability.
Researchers with Specops created a global honeypot system to collect information on what these SMB attacks look like and the kind of passwords attackers are using. The team analyzed more than 250,000 attacks on the SMB protocol over a period of 30 days. In that time, "password" was seen used in attacks more than 640 times, they report.
"Password" was only the third most-common password used in these attacks. Most popular was "123", followed by "Aa123456". Attackers also frequently tried "1qaz2wsx", "abc123", "password1", "welcome", "888888", and "112233".
Read the full list here.
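A defender-side view of the SMB password brute force described above, as an added example that is not from the article, Specops or Guardicore: it flags source addresses that produce a burst of failed network logons. The record layout (timestamp, source IP, account, as could be pulled from Windows Security event 4625 with Logon Type 3), the threshold and the window are assumptions, and the sample records are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def _burst(start, ip, account, count, step_seconds):
    """Build `count` constructed failure records spaced `step_seconds` apart."""
    t0 = datetime.fromisoformat(start)
    return [((t0 + timedelta(seconds=i * step_seconds)).isoformat(), ip, account)
            for i in range(count)]


# Constructed sample data (documentation IP ranges, made-up account names).
SAMPLE_FAILURES = (
    # Six failures ten seconds apart: a brute-force style burst.
    _burst("2021-03-01T10:00:00", "203.0.113.7", "administrator", 6, 10)
    # Five failures 75 seconds apart: slow enough to stay under the window.
    + _burst("2021-03-01T10:00:05", "192.0.2.44", "svc_backup", 5, 75)
    # Two failures half an hour apart: a user mistyping a password.
    + _burst("2021-03-01T10:00:05", "198.51.100.20", "jsmith", 2, 1800)
)


def brute_force_sources(failures, threshold=5, window=timedelta(seconds=60)):
    """Return {source_ip: peak count} for sources that reach `threshold`
    failed logons inside any sliding `window`."""
    recent = defaultdict(deque)   # per-source timestamps still inside the window
    flagged = {}
    for ts, ip, _account in sorted(failures):   # ISO timestamps sort in time order
        t = datetime.fromisoformat(ts)
        q = recent[ip]
        q.append(t)
        while t - q[0] > window:                # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged


if __name__ == "__main__":
    for ip, peak in brute_force_sources(SAMPLE_FAILURES).items():
        print(f"{ip}: {peak} failed network logons within 60 seconds")
```

The slow source in the sample stays below the default threshold, which is why a rate-based check like this works alongside, not instead of, rejecting the commonly tried passwords listed above.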
