New Phorpiex Botnet Variant Steals Half a Million Dollars in Cryptocurrency
Cryptocurrency users in Ethiopia, Nigeria, India, Guatemala, and the Philippines are being targeted by a new variant of the Phorpiex botnet called Twizt, which has resulted in the theft of virtual coins amounting to $500,000 over the past year.
Israeli security firm Check Point Research, which detailed the attacks, said the latest evolutionary version "enables the botnet to operate successfully without active servers," adding that it supports no fewer than 35 wallets associated with different blockchains, including Bitcoin, Ethereum, Dash, Dogecoin, Litecoin, Monero, Ripple, and Zilliqa, to facilitate crypto theft.
Although the botnet's operators shut it down and put its source code up for sale on a dark web cybercrime forum in August 2021, the command-and-control servers resurfaced a mere two weeks later to distribute Twizt, a previously undiscovered payload that can deploy additional malware and function in peer-to-peer mode, thus eliminating the need for a centralized C&C server.
"The emergence of such features suggests that the botnet may become even more stable and therefore, more dangerous."
It's worth noting that the botnet is designed to halt its execution if the infected system's default locale is set to Ukraine, suggesting that the botnet operators are from the Eastern European nation.
"In the past year, Phorpiex received a significant update that transformed it into a peer-to-peer botnet, allowing it to be managed without having a centralized infrastructure. The C&C servers can now change their IP addresses and issue commands, hiding among the botnet victims."
News URL
https://thehackernews.com/2021/12/new-phorpiex-botnet-variant-steals-half.html