Cybersecurity researchers have discovered that a decade-old botnet has gained a new capability: sending millions of phishing emails, specifically sextortion threats, from a single hijacked PC. The Phorpiex botnet, also known as Trik, is a worm that infects PCs via phishing emails and then downloads additional malware payloads from its command-and-control (C2) infrastructure. Phorpiex was already known for distributing other malware families through spam and for driving large-scale sextortion and crypto-mining spam campaigns that affected many users.

This enduring botnet is known for its extortion campaigns and for relying on outdated worm techniques that spread via removable USB drives and instant messaging applications. In recent years it began diversifying its infrastructure to become more resilient and to deliver more dangerous payloads.

Today, the Phorpiex botnet still controls a large number of infected hosts and generates a wide range of malicious activity, but … As of 2018 this activity expanded to include cryptocurrency mining, increased data exfiltration, and ransomware delivery. Additionally, the bot's installer was observed distributing Avaddon, Knot, BitRansomware (DSoftCrypt / ReadMe), Nemty, GandCrab, and Pony ransomware, among other malicious programs.

The Phorpiex botnet has a reputation for being simplistic and lacking in robustness, and has been hijacked by security researchers in the past. Its tactics, techniques, and procedures (TTPs) have remained largely static, with common commands, file names, and execution patterns almost unchanged from early 2020 to 2021.

However, to support its expansion, Phorpiex has changed parts of its command-and-control (C2) architecture, moving away from its traditional hosting and favoring Domain Generation Algorithm (DGA) domains over static, branded domains.

Unfortunately, cybercriminals are always looking to update and improve their threats, and this evolution illustrates the role of botnets in the threat landscape and the motivation of attackers to persist and remain effective.
