Skip to content ↓ | Skip to navigation ↓

The Phorpiex botnet earned the notorious designation of “most wanted malware” for the month of November 2020.

In its Global Threat Index for November 2020, Check Point Research revealed that it had observed a surge in new Phorpiex botnet infections that had affected four percent of organizations globally.

This threat activity enabled Phorpiex to return to Check Point Research’s monthly malware list for the first time since June 2020. It also succeeded in pushing the threat to the top of that roundup.

Discovered in 2010, Phorpiex has a history of distributing other malware families such as GandCrab ransomware along with sextortion scams.

The attacks detected by Check Point Research involved Avaddon ransomware as the botnet’s payload. Such activity could be the result of the crypto-malware gang’s growing affiliate program. As explained by the security firm:

Avaddon is a relatively new Ransomware-as-a-Service (RaaS) variant, and its operators have again been recruiting affiliates to distribute the ransomware for a cut of the profits. Avaddon has been distributed via JS and Excel files as part of malspam campaigns and is able to encrypt a wide range of file types.

Behind Phorpiex came Dridex and Hiddad. The former is a trojan that reportedly uses spam email attachments for distribution in order to steal information off of and execute arbitrary modules on infected Windows machines. The latter is an Android threat that conceals itself within repackaged mobile apps offered on third-party app marketplaces in order to display ads to its victims.

The Global Threat Index for November 2020 found that both Phorpiex and Dridex had affected three percent of organizations globally.

A screenshot from Check Point Research’s Global Threat Index for November 2020.

This news highlights the need for organizations to defend themselves against threats such as Phorpiex, Dridex and Hiddad.

They can do so by familiarizing themselves with some of the most common types of phishing attacks that are in circulation today and taking steps to prevent a ransomware infection. They can also invest in a solution that can help to identify suspicious files within a quarantined environment.