Malware sending 30,000 ‘sextortion’ emails per hour: Checkpoint report | HT Tech

Malware sending 30,000 ‘sextortion’ emails per hour: Checkpoint report

Hackers are using these sextortion mails to demand blackmail payment from users.

| Updated on: Oct 17 2019, 16:33 IST
Hackers using malware to send sextortion mails and blackmail users.
Hackers using malware to send sextortion mails and blackmail users. (Getty Images/iStockphoto)

A malware is sending 30,000 sextortion emails per hour after taking over people's inboxes and have, till date, sent 27 million such emails to innocent persons with a threat to expose sexual content captured via their webcams for blackmail payments.

Global cybersecurity company Check Point on Thursday said after a five-month research project, it exposed Phorpiex (aka Trik) botnet that is using people to unknowingly send 30,000 sextortion emails per hour.

You may be interested in

MobilesTablets Laptops
7% OFF
Apple iPhone 15 Pro Max
  • Black Titanium
  • 8 GB RAM
  • 256 GB Storage
Google Pixel 8 Pro
  • Obsidian
  • 12 GB RAM
  • 128 GB Storage
34% OFF
Samsung Galaxy S23 Ultra 5G
  • Green
  • 12 GB RAM
  • 256 GB Storage
Apple iPhone 15 Plus
  • Black
  • 6 GB RAM
  • 128 GB Storage

"In the 5-month period that we have been monitoring this operation, we recorded transfers of more than 11 BTC to the wallets of Phorpiex sextortion - currently over $110,000," said the company.

Also read
Looking for a smartphone? To check mobile finder click here.

The sheer speed and volume of emails being generated is staggering, it added.

"The idea behind sextortion is simple - an email demands blackmail payment threatening to expose sexual content relating to the recipient if not obeyed. Many of us received such emails or know others that have," said researchers Gil Mansharov and Alexey Bukhteyev.

The botnet under study uses thousands of infected hosts under its control to deliver millions of threats to innocent recipients. Phorpiex (aka Trik) botnet has been active for almost a decade and currently operates more than 450,000 infected hosts. In the past, Phorpiex monetized mostly by distributing various other malware families including GandCrab, Pony, Pushdo and used its hosts to mine cryptocurrency utilizing various cryptominers.

"Recently, Phorpiex has added a new form of revenue generation to its abilities; A spam bot described in the following article is used by Phorpiex to run large-scale sextortion campaigns," the findings showed.

This is how the botnet works.

It uses a spam bot that downloads a database of email addresses from a command and control (C&C) server. Then, an email address is randomly selected from the downloaded database, and a message is composed from several hardcoded strings. The spam bot can produce a large amount of spam emails - up to 30,000 per hour. Each individual spam campaign can cover up to 27 million potential victims.

"The most interesting feature of the last spam campaigns is that Phorpiex/Trik spam bot uses databases with leaked passwords in combination with email addresses," said the researchers.

"A victim's password usually included in a spam email message to make it more persuasive and show that password is known to the attacker. To shock the victim a spam message starts from the string with the password," they added.

Leaked credential lists, containing passwords that are often not compatible with their linked email addresses, are a common inexpensive commodity.

"Phorpiex, a veteran botnet, has found a way to use them to generate a low maintenance, easy income on a long-term basis and is continuously propagating sextortion emails - in the millions," the researchers noted.

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 17 Oct, 16:26 IST