The malware campaign, dubbed Purple Fox, has been active since at least 2018, and the discovery of the new worm-like infection vector is yet another sign that consumer-grade malware continues to reap profits for cybercriminals.
According to Guardicore researcher Amit Serper, the Purple Fox operators primarily used exploit kits and phishing emails to build botnets for crypto-mining and other nefarious uses.
Now, the new SMB brute-force method is being combined with rootkit capabilities to hide and spread widely across internet-facing Windows computers with weak passwords.