
Cryptocurrency users in Ethiopia, Nigeria, India, Guatemala, and the Philippines are being targeted by Twizt, a new variant of the Phorpiex botnet, which has resulted in the theft of virtual coins amounting to $500,000 over the last year.

Israeli security firm Check Point Research, which detailed the attacks, said the latest evolutionary version “enables the botnet to operate successfully without active [command-and-control] servers,” adding that it supports no fewer than 35 wallets associated with different blockchains, including Bitcoin, Ethereum, Dash, Dogecoin, Litecoin, Monero, Ripple, and Zilliqa, to facilitate crypto theft.

Phorpiex, otherwise known as Trik, is known for its sextortion spam and ransomware campaigns as well as cryptojacking, a scheme that leverages the targets’ devices such as computers, smartphones, and servers to secretly mine cryptocurrency without their consent or knowledge.

It’s also infamous for its use of a technique called cryptocurrency clipping, which involves stealing cryptocurrency in the process of a transaction by deploying malware that automatically substitutes the intended wallet address with the threat actor’s wallet address. Check Point said it identified 60 unique Bitcoin wallets and 37 Ethereum wallets used by Phorpiex.
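From the defender's side, the address substitution described above leaves a recognisable trace: one wallet address on the clipboard replaced by a different address of the same chain faster than a person would copy a second one. The sketch below is an added example, not code from Check Point or the article; the snapshot format, the one-second threshold, and all addresses are constructed assumptions, and the patterns check address shape only, not checksums.

```python
import re

# Shape-only patterns for two of the chains named in the article (no checksum check).
ADDRESS_PATTERNS = {
    "bitcoin": re.compile(
        r"^(?:bc1[02-9ac-hj-np-z]{11,71}|[13][1-9A-HJ-NP-Za-km-z]{25,34})$"
    ),
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


def classify(text):
    """Return the chain whose address shape the text matches, or None."""
    value = text.strip()
    for chain, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(value):
            return chain
    return None


def find_swaps(snapshots, max_gap=1.0):
    """Flag an address replaced by a different same-chain address within max_gap seconds.

    snapshots: chronological (timestamp_seconds, clipboard_text) pairs (assumed format).
    """
    alerts = []
    prev = None  # (timestamp, chain, text) of the previous snapshot
    for ts, text in snapshots:
        value = text.strip()
        chain = classify(value)
        if (prev and chain and prev[1] == chain
                and prev[2] != value and ts - prev[0] <= max_gap):
            alerts.append({"time": ts, "chain": chain,
                           "copied": prev[2], "replaced_by": value})
        prev = (ts, chain, value)
    return alerts


# Constructed clipboard timeline; none of these are real wallet addresses.
SAMPLE = [
    (0.0, "meeting notes"),
    (10.0, "0x" + "a1" * 20),   # user copies a payee address
    (10.2, "0x" + "b2" * 20),   # replaced 0.2 s later: flagged
    (60.0, "1" + "A" * 33),
    (95.0, "1" + "B" * 33),     # 35 s later: plausible second copy, not flagged
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE):
        print(alert)
```

A short gap is a heuristic, so the same comparison is worth repeating at paste time against the address the user originally copied.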
