Phorpiex Botnet Resurfaces Delivering Avaddon Malware Via Wink Emoji-Laced Emails
Check Point Research has discovered a significant increase in attacks using the Phorpiex Botnet in June 2020. The research firm found that the botnet has had a resurgence delivering the Avaddon Ransomware, which is a Ransomware-as-a-Service (RaaS) variant that first surfaced in early June. Delivery during the month via the botnet caused the malware to rise 13 places to become the second most widely spread malware for the month.
The malware doubled its impact on organizations globally in June compared to May. Phorpiex is known for spreading large-scale malspam campaigns, though it does distribute other malware families as well. The latest campaign using the botnet attempts to get email recipients to open a zip file attachment, with a wink emoji in the email's subject. If the user clicks on the file, the ransomware is activated, scrambles data on the victim's computer and demands money to decrypt the files.
The Phorpiex Botnet has infected over a million computer systems and is estimated to generate about $500,000 per year in criminal revenue. Phorpiex was also known as Trik in the past and distributed other malware that was used for mining cryptocurrency and sextortion scams. For those wondering what a sextortion scam is, it's essentially a scam attack that threatens to release supposed video of the user viewing pornography or threatens to expose browser activity of the user.
To avoid this type of malware, Check Point Research says that organizations should educate employees about how to identify malspam. In this latest attack, the subject line has a wink emoji in it. Organizations should also deploy security that actively prevents this sort of threat from infecting networks.
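As an added illustration (not code from Check Point Research), the pattern described above, a wink emoji in the subject plus a zip attachment, can be checked at a mail gateway. Emoji in headers arrive as RFC 2047 encoded-words, so the subject must be decoded before matching. The function names, sample addresses, file names and the choice to also match a typed `;)` are assumptions.

```python
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage

# Assumption: the "wink emoji" is U+1F609 or a typed ;) / ;-) emoticon.
WINK = re.compile(r"\U0001F609|;-?\)")
ZIP_MAGIC = (b"PK\x03\x04", b"PK\x05\x06")  # local file header / empty archive
ZIP_TYPES = ("application/zip", "application/x-zip-compressed")

def zip_attachments(msg):
    """Names of attachments that are zip archives by name, MIME type or magic bytes."""
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if (name.lower().endswith(".zip") or part.get_content_type() in ZIP_TYPES
                or data.startswith(ZIP_MAGIC)):  # catches a renamed archive
            hits.append(name)
    return hits

def is_suspect(raw):
    """True when the decoded Subject has a wink and a zip archive is attached."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "")  # policy.default decodes RFC 2047 encoded-words
    return bool(WINK.search(subject)) and bool(zip_attachments(msg))

def build_sample(subject, filename, data):
    """Constructed test message; addresses and file names are made up."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content("see attachment")
    m.add_attachment(data, maintype="application", subtype="octet-stream", filename=filename)
    return m.as_bytes()

def sample_zip():
    """Constructed, harmless zip archive built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("note.txt", "constructed sample, harmless")
    return buf.getvalue()

if __name__ == "__main__":
    z = sample_zip()
    for subj, fn, data in [("\U0001F609", "photo.zip", z), ("Q2 report", "report.zip", z),
                           ("\U0001F609", "photo.jpg", z), ("\U0001F609 lunch?", "menu.txt", b"soup")]:
        print(repr(subj), fn, is_suspect(build_sample(subj, fn, data)))
```

A match is a heuristic signal for quarantine or review, not proof of malice, since legitimate mail can also pair an emoji subject with a zip file.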
In other malware news, a major Android vulnerability surfaced in May that could allow the Strandhogg malware to pose as a legitimate app.