
Phorpiex botnet variant used for cryptocurrency attacks

Cryptocurrency users in Ethiopia, Nigeria, India, Guatemala, and the Philippines are being targeted by a new Phorpiex botnet variant named Twizt, which has resulted in the theft of cryptocurrency amounting to $500,000 over the last year.

According to Israeli security firm Check Point Research, which detailed the attacks, the latest evolutionary version permits the botnet to operate successfully without active command-and-control servers. It supports around 35 wallets associated with different blockchains, including Bitcoin, Ethereum, Dash, Dogecoin, Litecoin, Monero, Ripple, and Zilliqa, to facilitate crypto theft.

Phorpiex, also known as Trik, is known for its sextortion spam and ransomware campaigns as well as cryptojacking, in which the targets’ devices, such as computers, smartphones, and servers, are leveraged to secretly mine cryptocurrency without their knowledge.

It also uses a technique called cryptocurrency clipping, which involves stealing cryptocurrency in the process of a transaction by deploying malware that automatically substitutes the intended wallet address with the threat actor’s wallet address.
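A defender-side check for the address substitution described above, as an added example that is not from the original article or from Check Point: it flags a clipboard value that is a wallet address being replaced by a different address of the same chain within a short window. The event list, the 2-second window and the sample addresses are constructed assumptions, and only legacy Bitcoin and Ethereum address formats are covered.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ETH_RE = re.compile(r"0x[0-9a-fA-F]{40}")               # format only, no EIP-55 check
BTC_RE = re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}")  # legacy Base58 addresses only
SWAP_WINDOW = 2.0  # seconds; assumed threshold, tune per environment

def checksum(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]

def b58check_encode(payload: bytes) -> str:
    """Base58Check-encode version byte + hash; used only to build sample data."""
    raw = payload + checksum(payload)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def b58check_valid(addr: str) -> bool:
    """True if addr decodes to 25 bytes ending in a correct double-SHA256 checksum."""
    n = sum(B58.index(c) * 58 ** i for i, c in enumerate(reversed(addr)))
    if n.bit_length() > 200:
        return False
    raw = n.to_bytes(25, "big")
    return raw[-4:] == checksum(raw[:-4])

def classify(text: str):
    """Return 'ETH', 'BTC' or None for one clipboard string."""
    text = text.strip()
    if ETH_RE.fullmatch(text):
        return "ETH"
    return "BTC" if BTC_RE.fullmatch(text) and b58check_valid(text) else None

def find_swaps(events):
    """Flag same-chain address swaps within SWAP_WINDOW; events are (seconds, text), oldest first."""
    alerts = []
    for (t0, a), (t1, b) in zip(events, events[1:]):
        chain = classify(a)
        if chain and chain == classify(b) and a.strip() != b.strip() and t1 - t0 <= SWAP_WINDOW:
            alerts.append((t1, chain, a.strip(), b.strip()))
    return alerts

# Constructed sample data: addresses built from made-up hashes, not real wallets.
ADDR_A, ADDR_B = (b58check_encode(b"\x00" + bytes(range(i, i + 20))) for i in (0, 20))
EVENTS = [(0.0, "meeting notes"), (10.0, ADDR_A), (10.3, ADDR_B),  # swapped after 0.3 s
          (60.0, "0x" + "ab" * 20), (95.0, "0x" + "cd" * 20)]      # user re-copy, 35 s apart
print(find_swaps(EVENTS))
```

The checksum test keeps arbitrary Base58-looking text from being treated as an address, and the time window separates a near-instant replacement from a user copying a second address later.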

Check Point identified 60 unique Bitcoin wallets and 37 Ethereum wallets used by Phorpiex.

The botnet operators shut down the botnet and put its source code up for sale on a dark web cybercrime forum in August 2021. But the command-and-control (C&C) servers resurfaced two weeks later to distribute Twizt.

Once deployed, the clipping technique can work even in the absence of any C&C servers and siphon money from victims’ wallets. Each infected computer can also act as a server and send commands to other bots in a chain. These features indicate that the botnet may become even more stable and hence more dangerous.

Phorpiex-infected bots were spotted in 96 countries, topped by Ethiopia, Nigeria, and India. The botnet is estimated to have hijacked almost 3,000 transactions with a total value of approximately 38 Bitcoin and 133 Ether.

However, it is worth noting that the botnet is designed to halt its execution if the infected system’s default locale is Ukraine, suggesting that the botnet operators are from the East European nation.


The post Phorpiex botnet variant used for cryptocurrency attacks first appeared on Cybersafe News.
