Spam and ransomware: the return of the Phorpiex botnet
Check Point Research's "June 2020 Most Wanted Malware" report (link at the bottom of the article) brings news of the return of Phorpiex. The botnet, already well known to professionals, resumed large-scale operations in June, helping cybercriminals distribute malware and run spam campaigns.
Source: Check Point Software
The Phorpiex botnet returns
Phorpiex had already drawn attention for activity tied to sextortion campaigns, but in June it proved far more active than in May. Its attacks were so numerous that they affected 2% of the organizations examined, moving it from thirteenth to second place among the month's most frequently identified malware campaigns. First place went to Agent Tesla, a remote access trojan (RAT) that steals information and content from victims' devices; third place went to XMRig, a cryptominer.
Phorpiex's job is to spread the Avaddon ransomware through a malicious ZIP archive attached to purpose-built email messages whose subject line is just a wink emoji (";)"). Once the file is opened, the ransomware takes action, blocking access to the data on the hard disk and demanding payment of a ransom to restore it.
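The lure described above has two cheap, mail-gateway-visible traits: a subject line made of nothing but an emoji, and a ZIP attachment that wraps an executable. The following Python script is an added example, not code from the article or from Check Point; it builds constructed sample messages with the standard library, parses them, and returns a list of detection reasons. The executable-extension list and the "symbol-only subject" heuristic are assumptions chosen for illustration, not rules taken from the report.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Assumed list of member extensions worth flagging inside an archive.
EXECUTABLE_SUFFIXES = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".jse", ".wsf"}


def subject_is_symbol_only(subject):
    """True when the subject contains no letters or digits at all (e.g. just ';)')."""
    stripped = subject.strip()
    return bool(stripped) and not any(ch.isalnum() for ch in stripped)


def risky_zip_members(data):
    """Return archive member names with an executable extension.

    Only the central directory is read; nothing is extracted to disk."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return ["<unreadable archive>"]
    return [n for n in names if any(n.lower().endswith(s) for s in EXECUTABLE_SUFFIXES)]


def analyze_message(raw):
    """Parse one RFC 822 message and return a list of detection reasons (empty = nothing seen)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []
    subject = msg.get("Subject", "") or ""
    if subject_is_symbol_only(subject):
        reasons.append(f"emoji/symbol-only subject: {subject!r}")
    for part in msg.iter_attachments():
        filename = (part.get_filename() or "").lower()
        ctype = part.get_content_type()
        if filename.endswith(".zip") or ctype in ("application/zip", "application/x-zip-compressed"):
            reasons.append(f"zip attachment: {filename or ctype}")
            members = risky_zip_members(part.get_payload(decode=True))
            if members:
                reasons.append("executable inside zip: " + ", ".join(members))
    return reasons


def build_sample(subject, attach_zip):
    """Construct a sample message for testing; the addresses and payload are placeholders."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = subject
    msg.set_content("see attached")
    if attach_zip:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            # Placeholder bytes, not a real binary.
            zf.writestr("document.exe", b"MZ placeholder")
        msg.add_attachment(buf.getvalue(), maintype="application",
                           subtype="zip", filename="doc.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for subj, with_zip in ((";)", True), ("Meeting notes", False)):
        print(repr(subj), analyze_message(build_sample(subj, with_zip)))
```

Inspecting only the ZIP central directory keeps the check cheap and avoids writing attacker-controlled files anywhere; a real gateway would pair this with sandbox detonation and hash or signature checks rather than relying on file names alone.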
Previously known as Trik, the botnet was used in past years to distribute other threats such as GandCrab and Pony, as well as to mine cryptocurrency on compromised machines.