An old botnet has learned new tricks. It’s leveraging our fear of privacy invasion via webcam to scam people with an email spam attack.
Cyber-security firm Check Point is detailing the latest evolution of the Phorpiex botnet (also known as Trik) into a sextortion attack. The attacking malware spams victims with emails claiming to have compromising videos of them and demanding payment or else the photos will be released into the wilds of the web.
According to Check Point, the Phorpiex bot downloads an email database from a command and control server, randomly selects an email address from the database, and sends its spam message to the address, claiming to have the victim’s private data and a video of the victim “SATISFYING YOURSELF” via the victim’s webcam.
But the bot ups the spam game by using databases that include leaked passwords and including those in the email, thus making the attack seem more authentic to victims. The email, of course, demands payment via Bitcoin to prevent the alleged video from being spread.
The breadth of the operation is breathtaking; Check Point says the bot can shoot out up to 30,000 of these emails per hour and each campaign could affect up to 27 million users in total. According to the firm, the scam has a transfer of 14 Bitcoins in the five months they’ve been tracking it, which, as of Wednesday, is worth a little over $111,000.
Alexey Bukhteyev, Reverse Engineer at Check Point, told ZDNet that the emails exploited thus far were available in the Have I Been Pwned database, a growing collection of email addresses whose passwords have been affected by various hacks and breaches.
Phorpiex has previously been used to spread ransomware such as Gandcrab and the malware attack known as Pony. This new sadistic twist is simply the bot upping its game and a reminder to up your own password security game, remain skeptical of anything that might seem like a spam email, and, hey, cover your webcam while you’re at it.
Just in case.