May 14, 2024 By Pierluigi Paganini
Experts reported that since April, the Phorpiex botnet sent millions of phishing emails to spread LockBit Black ransomware.
New Jersey’s Cybersecurity and Communications Integration Cell (NJCCIC) reported that since April, threat actors used the the Phorpiex botnet to send millions of phishing emails as part of a LockBit Black ransomware campaign.
The botnet has been active since at least 2016, it was involved in sextortion spam campaigns, crypto-jacking, cryptocurrency clipping (substituting the original wallet address saved in the clipboard with the attacker’s wallet address during a transaction) and ransomware attacks in the past
In August 2021 the criminal organization behind the Phorpiex botnet have shut down their operations and put the source code of the bot for sale on a cybercrime forum in on a dark web.
In December 2021, experts at Check Point Research observed the resurgence of the Phorpiex botnet.
The new variant, dubbed “Twizt,” could operate without active C2 servers in peer-to-peer mode. Each of the infected computers can act as a server and send commands to other bots in a chain. Experts estimated that in one year it allowed to steal crypto assets worth of 500,000 dollars.
