Researchers uncovered cybercriminals using a malicious Telegram installer to drop Purple Fox Rootkit. It is believed to be spreading using email or probably via phishing websites. Phase-based operations and dependency on different files for each phase make this attacker go unnoticed from security systems.