- The ‘Phorpiex’ botnet has gone silent for a while, and now its source code has appeared online for sale.
- The poster claims that the original authors and operators of the malware have left the project, so they’re passing it to a new owner.
- The prospects of ‘Phorpiex’ generating the amounts it did in the past are not very convincing.

It looks like the ‘Phorpiex’ botnet has been shut down, and the operators of the malware have made the project’s source code available for purchase on the dark web. The reason given by the poster is that the original authors and operators of Phorpiex have allegedly left the project, and those holding it right now have no interest in continuing. The darknet post was spotted by Cyjax, a cyber-intelligence firm, which posted a screenshot of it on Twitter.
As explained by the poster/seller, the price for buying the Phorpiex source code is $9,000, and this includes access to all the systems where the botnet has nested already. This is an important aspect of the deal, as Phorpiex is a crypto-jacking worm whose purpose is to make money for its operators by running XMRig miners on the host or redirecting crypto transactions to actor-controlled wallets. These are not the only money-making methods for its operators, as we’ve seen cases of sextortion too. As such, the sale is presented as an investment, but as with all investments, this one comes with dire risks.
The Record has spoken with a researcher from Check Point who has been tracking this particular botnet lately, and he confirmed that Phorpiex has already been infiltrated by analysts and hijacked by third parties who are looking to deploy their own payloads. As such, buying it comes with no guarantee that it will generate enough to make the investment and the legal risks worth it. The researcher further stated that Phorpiex has remained dormant since July 6, 2021, so its status is now doubtful, and the number of active infections is debatable.
The last time that Phorpiex showed a strong heartbeat was in May, when Microsoft warned about an evolutionary development in the botnet that enabled it to carry more payloads and target more countries. That report presented evidence of collaboration with ransomware groups such as the now-defunct “Avaddon” and put the group’s profits at roughly $1,300 per day. These days of glory are over now, and the promise of passing them to a new beneficiary for only $9k is pretty unconvincing.