Monday, January 18, 18:12

Phorpiex botnet: Spreads new ransomware campaign via phishing email!

An infamous botnet returned last month, and the operators behind it are using it to distribute a ransomware campaign alongside other malware. Check Point researchers analyzed the most common cyber threats targeting organizations and observed a sharp increase in attacks carried out through the Phorpiex botnet. Phorpiex distributes a range of malware and spam campaigns, including sextortion emails. Its activity rose significantly in June compared with May: Phorpiex was the second most frequently detected malware campaign in June, up from 13th place in May, and the volume of attack attempts was high enough that 2% of organizations were targeted by the botnet. The botnet sends spam email that tries to deliver a malicious payload to potential victims; over the last month it has been used in the Avaddon ransomware campaign.

The Avaddon ransomware family first appeared in June. Phorpiex tries to lure potential victims into opening a ZIP attachment in a phishing email built around a wink emoji. While this may sound like a mundane form of attack, the attackers behind the campaign would not keep using it if it were not effective.


Phorpiex, also known as Trik, has been used in the past to distribute spam for other malware, including GandCrab ransomware and the Pony credential stealer, as well as for cryptocurrency mining on infected devices.

Check Point researchers point out that organizations need to educate their employees to recognise the kinds of malspam that carry these threats, such as the recent wink-emoji email campaign, while also deploying security controls that effectively stop these payloads from infecting their networks.
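As an added example (not from the article or from Check Point), here is a small Python triage filter for the kind of malspam described above: a message built around a wink emoji that carries a ZIP attachment. The wink markers, the list of risky extensions inside the archive, the verdict rules and the sample messages are all assumptions for illustration; the article only says that the campaign uses a wink-emoji theme and a ZIP attachment.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Text forms of the wink lure. Assumption: the article only says the
# campaign "uses an emoji wink theme"; the ASCII variants are a guess.
WINK_MARKERS = ("\U0001F609", ";)", ";-)")

# Extensions that should never arrive inside an e-mailed ZIP (assumption).
RISKY_EXTENSIONS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta",
                    ".exe", ".scr", ".lnk", ".bat", ".cmd", ".ps1")


def has_wink(text: str) -> bool:
    return any(marker in text for marker in WINK_MARKERS)


def zip_members(data: bytes) -> list:
    """Names inside a ZIP payload; empty if it is not a valid archive."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            return archive.namelist()
    except zipfile.BadZipFile:
        return []


def triage(raw: bytes) -> dict:
    """Score one RFC 5322 message and return the reasons and a verdict."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = str(msg.get("Subject", "") or "")
    body = msg.get_body(preferencelist=("plain", "html"))
    body_text = body.get_content() if body is not None else ""

    reasons = []
    if has_wink(subject) or has_wink(body_text):
        reasons.append("wink lure")

    zip_seen = False
    risky_seen = False
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        # Check the name and the magic bytes, so a renamed archive is still caught.
        if name.endswith(".zip") or payload.startswith(b"PK\x03\x04"):
            zip_seen = True
            members = zip_members(payload)
            reasons.append(f"zip attachment {name!r} with {len(members)} member(s)")
            risky = [m for m in members if m.lower().endswith(RISKY_EXTENSIONS)]
            if risky:
                risky_seen = True
                reasons.append(f"script or executable inside zip: {risky}")

    # Hypothetical policy: the lure plus a ZIP, or any script inside a ZIP,
    # is quarantined; a lone indicator goes to an analyst; otherwise pass.
    if ("wink lure" in reasons and zip_seen) or risky_seen:
        verdict = "quarantine"
    elif reasons:
        verdict = "review"
    else:
        verdict = "pass"
    return {"subject": subject, "reasons": reasons, "verdict": verdict}


def build_sample(subject: str, body: str, zip_member=None) -> bytes:
    """Constructed test message (no real malware); optional ZIP attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.org"
    msg["Subject"] = subject
    msg.set_content(body)
    if zip_member:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as archive:
            archive.writestr(zip_member, "placeholder content, not malware")
        msg.add_attachment(buf.getvalue(), maintype="application",
                           subtype="zip", filename="photo.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    samples = [
        build_sample(";)", "Your new photo?", "IMG_1234.jpg.js"),      # lure + script in ZIP
        build_sample("Quarterly report", "See attached.", "report.pdf"),  # ZIP only
        build_sample("Lunch?", "See you at noon :)"),                   # clean
    ]
    for raw in samples:
        result = triage(raw)
        print(result["verdict"], "-", result["subject"], "-", "; ".join(result["reasons"]))
```

The filter deliberately looks inside the archive rather than stopping at the `.zip` name, because the payload a lure like this delivers is the script or executable nested in the ZIP; a mail gateway that only matches on the emoji will be evaded the day the operators change the subject line.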

While Phorpiex attacks increased significantly, the most common malware detected in June was Agent Tesla, an advanced remote access trojan (RAT) that affected about 3% of organizations.


Agent Tesla is an information stealer and keylogger that lets attackers capture almost everything on an infected computer, including usernames, passwords, browser history, system information and more. In other words, the intruders obtain everything they need to compromise a network.

The third most detected malware in June was XMRig, an open-source cryptocurrency miner that attackers deploy to use the CPU power of infected devices to mine Monero. It has been in malicious use since May 2017.

Other entries in June's top ten most frequently detected malware are Dridex, Trickbot, Ramnit and Emotet, all of which have long been active in cybercrime, either stealing information themselves or serving as a stepping stone to far more destructive campaigns. For example, Trickbot and Emotet are often used as the first stage of large-scale ransomware attacks.

Finally, it is worth noting that many common malware families rely on exploits and vulnerabilities that have been known for a long time. Keeping systems current with security updates therefore blocks a large share of these infections.



