PurpleFox (also known as DirtyMoe, Perkiler, and NuggetPhantom) is a PowerShell-based botnet and exploit kit to install cryptocurrency miners that has been active since late 2017. It has had a slowly growing number of features from DDoS in 2018 to now including a worm module to spread via SMB. In 2021, the PurpleFox gang has installed miners on over 100,000 systems. This reporting comes from Avast, which may be an undercount.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in