Phorpiex Botnet Is Becoming Harder to Disrupt

Phorpiex/Trik is an SDBot fork (therefore IRC-based) used to spread GandCrab, Pushdo, Pony, and coin miners.

The previously retired Phorpiex botnet has resurfaced with a new peer-to-peer command and control architecture, making the malware more difficult to take down.

A botnet is a network of infected computers or other internet-connected devices that communicate with each other in order to perform the same malicious actions, such as launching spam campaigns or distributed denial-of-service attacks. The network can be controlled remotely by criminals to serve their interests, and at the same time this indirection helps the operators avoid detection and legal action by law enforcement.

The Phorpiex botnet originally appeared in 2016 and swiftly grew to a vast army of over 1 million devices, and was infamous for conducting large-scale sextortion spam operations, allowing threat actors to spam over 30,000 sextortion emails each hour.

Is ‘Twizt’ the New Phorpiex?

Check Point researchers noticed Phorpiex propagating a new malware strain named “Twizt,” which allows the botnet to function without centralized command and control servers.

Instead, the new Twizt Phorpiex version incorporated a peer-to-peer command and control mechanism that allows infected devices to relay orders to one another if the static command and control servers are unavailable.
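To make the resilience point concrete, the following is an added toy model, not code from the original article, from Check Point, or from the Phorpiex authors, and it does not reproduce Twizt's real wire protocol. It models a command channel over a constructed population of eight bots (assumed names b1 through b8) with hypothetical peer lists, and compares how many bots still receive an operator command when the static C2 is gone versus when bots relay commands to their peers. Removing the C2 alone stops a purely centralized design; with peer relay, a defender has to cut the peer graph itself.

```python
from collections import deque

# Constructed sample population: eight bots. Each peer list is the set of bots
# that bot would relay a command to when the static C2 is unreachable.
# Names and topology are assumptions for illustration only.
BOTS = {"b1", "b2", "b3", "b4", "b5", "b6", "b7", "b8"}
PEERS = {
    "b1": {"b2", "b3"},
    "b2": {"b4"},
    "b3": {"b4", "b5"},
    "b4": {"b6"},
    "b5": {"b6"},
    "b6": {"b7"},
    "b7": set(),
    "b8": set(),   # isolated bot that never learned any peers
}


def deliver_command(bots, peers, c2_up, seed):
    """Return the set of bots that end up holding the operator's command.

    Centralized channel: while the static C2 is up, every bot polls it and
    gets the command. Peer fallback: when the C2 is down, the operator injects
    the command at the `seed` bots they can still reach directly, and it
    spreads by relay along the peer graph (breadth-first). Bots not reachable
    from any seed are stranded. An empty seed with the C2 down models the
    pre-Twizt, C2-only design after a takedown.
    """
    if c2_up:
        return set(bots)
    reached = set(seed) & set(bots)
    queue = deque(reached)
    while queue:
        bot = queue.popleft()
        for peer in peers.get(bot, ()):
            if peer in bots and peer not in reached:
                reached.add(peer)
                queue.append(peer)
    return reached


def takedown(bots, peers, removed):
    """Model a defender cleaning or sinkholing some bots: they leave the
    population and are dropped from every remaining bot's peer list."""
    removed = set(removed)
    remaining = set(bots) - removed
    new_peers = {b: set(p) - removed for b, p in peers.items() if b in remaining}
    return remaining, new_peers


def coverage(bots, peers, c2_up, seed):
    """Fraction of the current population that the command reaches."""
    if not bots:
        return 0.0
    return len(deliver_command(bots, peers, c2_up, seed)) / len(bots)


if __name__ == "__main__":
    # C2 up: everyone gets the command regardless of peer lists.
    print("C2 up:          ", sorted(deliver_command(BOTS, PEERS, True, {"b1"})))
    # C2 down, no peer fallback: the botnet is dead.
    print("C2 down, no P2P:", sorted(deliver_command(BOTS, PEERS, False, set())))
    # C2 down, operator still reaches b1: relay covers all but the isolated b8.
    print("C2 down, P2P:   ", sorted(deliver_command(BOTS, PEERS, False, {"b1"})))
    # Defender removes the well-connected b4; relay still reaches most bots.
    bots2, peers2 = takedown(BOTS, PEERS, {"b4"})
    print("after b4 removed:", round(coverage(bots2, peers2, False, {"b1"}), 3))
```

The model deliberately ignores what a real peer protocol also needs (command signing so rival operators or defenders cannot inject orders, peer-list bootstrapping, and liveness checks); its only purpose is to show why a sinkholed C2 no longer disables a botnet that carries a relay fallback.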
