Phorpiex botnet stopped working, its source code is up for sale

Phorpiex botnet stopped working
Written by Emma Davis

The Phorpiex malware operators have announced that the botnet stopped working and have put its source code up for sale on a hacker forum, as Cyjax researchers noted.

An announcement posted by a person previously associated with Phorpiex claims that neither of the two original malware developers were involved in the operation of the botnet, so it was decided to sell the source code.

Since I no longer work and my friend has gone out of business, I am here to offer you the sale of Trik (name from coder)/Phorpiex (name from antivirus developers).says the announcement.

Check Point specialist Alexey Bukhteev confirmed the accuracy of this announcement to the journalists of The Record.

The description of the malicious program is very similar to what we previously observed in the code.Bukhteev says.

A researcher who analysed Phorpiex back in 2019 said that the malware’s control servers have been down for almost two months. Bukhteev, who launched the fake Phorpiex bot in order to monitor its activities, told The Record that the last command the bot received from the servers on July 6, 2021 was “SelfDeletion”, that is, self-destruction.

As far as we know, the source code is private and has not been previously sold. So [the ads on the forum] looks really believable. However, you can find out for sure only by buying it. The binaries are pretty simple, and we can easily confirm that this source code is really meant for this bot. the researcher says.

At the same time, Bukhteev warns that even if the botnet’s command servers are not working at the time of purchase, after the purchase, new ones will be launched and all previously infected systems will be taken over.

So far there are many infected machines, that is, active bots. We cannot say exactly how much, but we constantly see a lot of activity in our gateways.he comments.

It is not yet clear if the botnet will be bought by anyone. Overall, Phorpiex has a proven track record of making profits, primarily through its spam module and clipboard grabber to steal cryptocurrency.

For example, in 2019, a spam module helped botnet authors get more than $115,000 in profits when they were engaged in so-called “sextortion”. This tactic involves intimidating users: scammers send out spam, in which they try to convince their victims that they have some compromising images or videos, and demand a ransom.

The malware authors also successfully sold access to their bots to ransomware hack groups, and the now defunct Avaddon gang used Phorpiex to deploy their payloads on corporate networks more than once.

Let me remind you that Phorpiex is not the first malware to announce its termination in the past few months. So, in the spring the ransomware Ziggy “closed”, and its operators published the keys to decrypt the data and promised to return the money to the victims.

Then the Avaddon ransomware, whose keys were also published, stopped working. Earlier this month, the hack group El_Cometa, formerly known as SynAck, released master keys for decrypting data. And finally last week the ransomware Ragnarok closed and released a file decryption utility.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply