DirtyMoe (a.k.a. PurpleFox, NuggetPhantom, and Perkiler) has grown its operations by 900% since 2020. While the botnet infected only 10,000 computers in 2020, it has since infected 100,000 in the first half of 2021 alone.
The botnet is a complex piece of malware built as a modular system. The group behind it has been active since 2017, when the malware was mainly used for cryptocurrency mining; the botnet was also used to cause a DDoS condition in 2018. The group exploits CVE-2020-0674, a scripting engine memory corruption vulnerability, among many others, to deliver the DirtyMoe rootkit.
Now the botnet has evolved to spread via the internet to other Windows systems.
“Recently, a new infection vector that cracks Windows machines through SMB password brute force is on the rise”
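A defender's view of the infection vector quoted above: the following detection logic, added here as an example and not taken from the Avast write-up, flags a source that produces many failed network logons (Windows Security event 4625, logon type 3, the type SMB sessions use) against several accounts within a short window. The event lines, account names and IP addresses are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample modelled on Windows Security events: one line per event with
# timestamp, event id (4625 = failed logon, 4624 = success), logon type
# (3 = network, which SMB sessions use), source IP and target account.
def constructed_sample():
    base = datetime(2021, 6, 1, 10, 0, 0)
    accounts = ["administrator", "admin", "guest", "backup"] * 3
    # 12 failures in one minute from a single source, cycling through accounts
    lines = [f"{(base + timedelta(seconds=5 * i)).isoformat()} 4625 3 198.51.100.7 {acct}"
             for i, acct in enumerate(accounts)]
    # one mistyped password followed by a successful logon: not brute force
    lines.append(f"{(base + timedelta(minutes=2)).isoformat()} 4625 3 203.0.113.5 alice")
    lines.append(f"{(base + timedelta(minutes=3)).isoformat()} 4624 3 203.0.113.5 alice")
    return "\n".join(lines)

def parse_events(text):
    """Parse the space-separated sample format into (ts, event_id, logon_type, src, account)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type, src_ip, account = line.split()
        events.append((datetime.fromisoformat(ts), int(event_id), int(logon_type), src_ip, account))
    return events

def detect_smb_bruteforce(events, threshold=10, window=timedelta(minutes=5)):
    """Return {source_ip: (failed_logons, distinct_accounts)} for every source with
    at least `threshold` failed network logons inside any `window`-long span."""
    by_src = defaultdict(list)
    for ts, eid, ltype, src, acct in events:
        if eid == 4625 and ltype == 3:
            by_src[src].append((ts, acct))
    alerts = {}
    for src, attempts in by_src.items():
        attempts.sort()
        start = 0
        for end in range(len(attempts)):
            while attempts[end][0] - attempts[start][0] > window:  # slide window start
                start += 1
            count = end - start + 1
            if count >= threshold and count > alerts.get(src, (0, 0))[0]:
                distinct = {acct for _, acct in attempts[start:end + 1]}
                alerts[src] = (count, len(distinct))
    return alerts

if __name__ == "__main__":
    for src, (count, distinct) in detect_smb_bruteforce(parse_events(constructed_sample())).items():
        print(f"possible SMB brute force from {src}: {count} failures across {distinct} accounts")
```

Tune `threshold` and `window` to the environment; the distinct-account count separates password guessing from a single user repeatedly mistyping one password.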
The number of infected devices may also be far greater than the reported figure. The C2 servers involved in the attacks are located in China, which the researchers take to indicate that the threat actors behind DirtyMoe are sophisticated experts.
For more updates visit https://decoded.avast.io/martinchlumecky/dirtymoe-1/#ref