Pierluigi Paganini August 28, 2021

Crooks behind the Phorpiex botnet have shut down their operations and put the source code for sale on the dark web.

The criminal organization behind the Phorpiex botnet have shut down their operations and put the source code of the bot for sale on a cybercrime forum in on a dark web.

The news was reported by The Record after that experts from security firm Cyjax noticed an ad posted by a crook that was involved in the botnet’s operation in the past.

The decision to sell the source code comes from the consideration that the two original authors of the malware have left the operations.

“As I no longer work and my friend has left the biz, I’m here to offer Trik (name from coder) / Phorpiex (name for AV firms) source for sell [sic],” the individual said today in a forum post spotted by British security firm Cyjax.” reads the ad published The Record.

The main bot and all modules are written in C++, authors claim that the bot nor modules trigger any firewall / UAC prompts.

The Record, with the help of CheckPoint malware researcher Alexey Bukhteyev, confirmed that the ad is valid.

The researchers confirmed that the source code of the bot hasn’t been sold before

Bukhteyev pointed out that even if the C&C servers for the botnet are down, who will buy the code we will be able to set up new ones and take control over the previously infected systems.

At the time of this writing, it is not clear how many infected machines are still active.Bot works fine on 32 and 64 bit

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, Phorpiex botnet)

[adrotate banner=”5″]

[adrotate banner=”13″]