CP
cyberpings
Malware & RansomwareHIGH

Phorpiex Botnet - Spreading Ransomware and Sextortion Tactics

Featured image for Phorpiex Botnet - Spreading Ransomware and Sextortion Tactics
CSCyber Security News·Reporting by Tushar Subhra Dutta
Summary by CyberPings Editorial·AI-assisted·Reviewed by Rohit Rana
Ingested:
🎯

Basically, hackers are using a powerful botnet to spread malware and scam people.

Quick Summary

The notorious Phorpiex botnet is back, spreading ransomware and sextortion schemes. Millions are at risk as it targets users globally. Stay alert and protect your devices from this evolving threat.

What Happened

The Phorpiex botnet, also known as Trik, has resurfaced in the cybersecurity landscape, not as a new entity but as a reinvented criminal platform. Initially launched in 2011, this botnet has transformed from a basic spam tool into a sophisticated system capable of executing ransomware attacks, sending sextortion emails, and engaging in crypto-clipping. Its latest variant, the Twizt variant, employs a hybrid model combining traditional command-and-control (C2) servers with a peer-to-peer (P2P) network, making it more resilient against takedowns.

Who's Being Targeted

Currently, the Phorpiex botnet runs on 70,000 to 80,000 active devices daily, with over 1.7 million unique IP addresses tracked in the last 90 days. The most affected regions include Iran, Uzbekistan, China, Kazakhstan, and Pakistan. The botnet targets millions of users worldwide, with estimates suggesting that each spam campaign reaches between 2 million and 6 million email addresses.

Signs of Infection

Infected devices exhibit several signs, including unexpected system slowdowns, unauthorized network activities, and the presence of unusual files. Phorpiex establishes a foothold by copying itself into system directories and modifying registry keys, ensuring it restarts after reboots. It also spreads through removable USB drives, making it particularly insidious.

How It Works

Phorpiex conducts three major operations simultaneously: delivering mass ransomware, executing sextortion campaigns, and hijacking cryptocurrency wallets. The ransomware campaigns have been notably aggressive, with instances of LockBit Black ransomware being delivered to corporate networks. Additionally, sextortion emails threaten victims with fabricated webcam footage, demanding $1,800 in Bitcoin to avoid exposure.

Defensive Measures

Organizations are urged to take immediate action against Phorpiex infections. Recommended steps include:

  • Block known Phorpiex C2 IP addresses.
  • Monitor for unexpected autorun registry changes.
  • Restrict USB device access on corporate machines.
  • Disable UPnP on network routers and ensure operating systems are fully patched.
  • Deploy layered email filtering solutions to reduce spam and phishing risks.

Conclusion

The Phorpiex botnet's evolution highlights the ongoing threat of malware in the cyber landscape. Its ability to adapt and execute multiple criminal operations simultaneously makes it a formidable adversary. Awareness and proactive measures are essential to protect against its reach.

🔒 Pro insight: The Phorpiex botnet's P2P architecture significantly complicates takedown efforts, necessitating enhanced detection and response strategies.

Original article from

CSCyber Security News· Tushar Subhra Dutta
Read Full Article

Share

Related Pings

HIGHMalware & Ransomware

Malicious Email Delivers CMD Malware - Privilege Escalation Alert

A malicious email has delivered a .cmd malware file that escalates privileges and bypasses antivirus systems. Users are at risk of significant system compromise. Awareness and immediate action are vital to mitigate this threat.

Security Affairs·
HIGHMalware & Ransomware

Axios NPM Package Compromised - Supply Chain Attack Exposed

A major supply chain attack compromised the Axios NPM package, affecting millions of users. Malicious versions deployed a RAT, posing serious security risks. Swift action was taken to remove the threats.

Trend Micro Research·
HIGHMalware & Ransomware

Brokk Hacked - Play Ransomware Exposes Sensitive Data

Brokk has reportedly been hacked by Play ransomware, leading to the leak of sensitive corporate data. This incident could severely impact the company's reputation and security. Organizations must bolster their defenses to prevent similar breaches.

SC Media·
HIGHMalware & Ransomware

Chaos Malware - New Targeting of 64-bit Linux Servers

Chaos malware has evolved to target 64-bit Linux servers, expanding its attack surface. This shift raises alarms for organizations relying on these systems. Enhanced security measures are now crucial to protect against potential larger-scale attacks.

SC Media·
HIGHMalware & Ransomware

SparkCat Variant - New Malware Steals Crypto Wallet Images

A new SparkCat malware variant has been found in iOS and Android apps, targeting crypto wallet recovery phrases. This poses a significant risk to users. Stay vigilant and protect your data!

The Hacker News·
HIGHMalware & Ransomware

Boeing RFQ Malware Campaign - Hackers Deploy Six-Stage Attack

A new malware campaign is targeting industrial suppliers with fake Boeing RFQ emails. This sophisticated attack uses multiple file types to evade detection. Organizations need to be aware and take action to protect themselves.

Cyber Security News·