According to a new report by Check Point Research, the decade-old Phorpiex botnet is sending millions of sextortion emails and has turned them into a method of revenue generation. The malware earns a significant amount of money as part of a large-scale sextortion campaign.
Phorpiex: The Botnet
The report suggests that the Phorpiex botnet, also known as Trik, now uses a new spam bot, which spreads spam emails, to download a database of email addresses from a C&C server.
Email addresses are picked at random from the database, and the sextortion email sent to each one is assembled from several hard-coded strings. Hard-coding embeds the sextortion email text directly in the source code.
Following this process, the malware can generate around 30,000 sextortion emails an hour and each spam campaign can affect about 27 million victims.
With the ability to infect thousands of computers by sending millions of sextortion emails, Phorpiex can earn around $22,000 per month.
This earning capability is new: Phorpiex previously generated money by spreading other malware, including GandCrab, Pony, and Pushdo, and by using its hosts to mine cryptocurrency.
The report further suggests that the new Phorpiex spam bot doesn’t have its own persistence mechanism as it is installed and spread via other Phorpiex modules.
How Does The Phorpiex Spam Bot Work?
Once the malware infects a computer, its spam bot module connects to its C&C (command and control) servers and tries to download a database of around 20,000 email addresses. The report notes that a single C&C server held between 325 and 1363 email databases.
The spam bot then creates 15,000 threads to send the sextortion emails over SMTP (Simple Mail Transfer Protocol).
Furthermore, Phorpiex also has a database of email addresses that includes users’ leaked passwords. The passwords make it easier to extort money from victims, because the recipient then takes the email seriously.
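On the network, the mass SMTP sending described above shows up as one workstation contacting many mail servers in a short time. The following Python code is an added example, not taken from the Check Point report: it flags such hosts in flow records, and the log format, IP addresses, allow-list and threshold are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values for this example, not figures from the report.
MAIL_SERVERS = {"10.0.0.25"}          # hosts allowed to send SMTP directly
WINDOW = timedelta(minutes=1)
MAX_DISTINCT_DESTS = 20               # distinct SMTP peers allowed per window

def parse(line):
    """Parse 'ISO-timestamp src_ip dst_ip dst_port' (constructed format)."""
    ts, src, dst, port = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port)

def find_smtp_senders(lines):
    """Return {src_ip: peak distinct SMTP destinations in any window}
    for hosts that exceed MAX_DISTINCT_DESTS and are not mail servers."""
    recent = defaultdict(deque)        # src -> deque of (ts, dst)
    peaks = {}
    for ts, src, dst, port in sorted(map(parse, lines)):
        if port != 25 or src in MAIL_SERVERS:
            continue
        q = recent[src]
        q.append((ts, dst))
        while q and ts - q[0][0] > WINDOW:   # drop flows older than the window
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct > MAX_DISTINCT_DESTS:
            peaks[src] = max(peaks.get(src, 0), distinct)
    return peaks

def sample_flows():
    """Constructed flow records: one noisy workstation, one allow-listed
    mail server, and one workstation with a single SMTP flow."""
    base = datetime(2024, 1, 1, 9, 0, 0)
    flows = []
    for i in range(60):                # 60 SMTP peers in 30 seconds
        t = base + timedelta(milliseconds=500 * i)
        flows.append(f"{t.isoformat()} 10.0.1.50 198.51.100.{i + 1} 25")
    for i in range(40):                # legitimate relay, allow-listed
        t = base + timedelta(seconds=i)
        flows.append(f"{t.isoformat()} 10.0.0.25 203.0.113.{i + 1} 25")
    flows.append(f"{base.isoformat()} 10.0.1.51 203.0.113.9 443")
    flows.append(f"{base.isoformat()} 10.0.1.51 203.0.113.9 25")
    return flows

if __name__ == "__main__":
    for host, peak in find_smtp_senders(sample_flows()).items():
        print(f"{host}: {peak} distinct SMTP destinations within {WINDOW}")
```

Blocking outbound port 25 from everything except designated mail servers removes the need for a threshold, but the same records then show which hosts are attempting the connections.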
How Many Victims Are Affected?
The report suggests that around 150 users fell prey to the Phorpiex malware and paid money. Researchers noted around 14 Bitcoin transfers that are currently valued at $110,000.
While the victim count isn’t high, Phorpiex has managed to run a successful sextortion operation and is currently operating on 500,000 infected hosts, which means it is still dangerous!
All users can do is not fall for the sextortion emails they receive and try to open emails from trusted senders only.