A new variant of botnet Phorpiex is hijacking hundreds of cryptocurrency transactions in India, Ethiopia and Nigeria, according to security firm Check Point.
(Sign up to our Technology newsletter, Today's Cache, for insights on emerging themes at the intersection of technology, business and policy. Click here to subscribe for free.)
The bot was first spotted in 2016 and was known for its massive sextortion spam campaigns, crypto-jacking and ransomware attacks. The bot’s source code was reportedly sold off, but resurfaced weeks later at another IP address, the firm noted.
Now, the new variant operates without a C&C server which means that each of the infected computers can act as a server and send commands to other bots in a chain. This indicates the malware can spread faster and more easily through several systems.
Also Read | Hackers-for-hire are biggest cybersecurity threat: EU agency
Attacks began to increase over the last two months in more than 96 countries, including India Ethiopia and Nigeria, Check Point added. The bot has attacked 969 transactions and has stolen crypto assets worth almost $0.5 million.
The botnet also uses a new attack method called crypto-clipping that steals cryptocurrency including bitcoin, ethereum and dogecoin during a transaction, by substituting the original wallet address saved in the clipboard with the attackers wallet address.
This method carries an increasing risk of large financial losses, especially as the servers experience no downtime which results in hundreds of thousands of boards remaining installed and continues to steal victims money, the firm said.
Published - December 17, 2021 05:35 pm IST
