Phorpiex Botnet Shifts Gears From Ransomware to Sextortion

A  recent wide-scale campaign indicates that a decade-old botnet is shifting gears from distributing ransomware to delivering millions of sextortion threats to innocent recipients. Worse, researchers say that the botnet’s spam campaign can affect up to 27 million potential victims.

The botnet, Phorpiex, has been active for almost a decade and currently controls almost 500,000 computers globally. The botnet is known for distributing malware such as GandCrab as well as cryptocurrency miners on infected hosts. However, researchers with Check Point say the botnet has recently been spotted in a five-month campaign cashing in on a new form of revenue generation: Wide-scale sextortion.

“Phorpiex, a veteran botnet, has found a way to use [its infected computers] to generate easy income on a long term basis,” Check Point researchers said in a Wednesday analysis. “This new activity might be connected with the termination of Gandcrab, a ransomware that Phorpiex used to distribute, or just because plain-text emails still manage to infiltrate many cyber-defense lines. In any case, Phorpiex…is continuously propagating sextortion emails – by the millions.”

Read more…
Source: ThreatPost