None of the original authors of the malicious code are participating in the project anymore.
Operators of the Phorpiex malware shut down the botnet and put its source code up for sale on a cybercriminal forum. The code is offered at a price of $9 thousand.
According to a posting on the site, the reason for the sale is that none of the original authors of the malicious code is participating in the project anymore.
Check Point specialist Alexey Bukhteev confirmed the accuracy of the advertisement. According to him, the Phorpiex C&C servers have been inactive for more than two months. The last time the servers received a command to delete themselves was on July 6 of this year. Since then, the botnet has disappeared from the field of view of specialists.
“We know that the source code is private and has not been put up for sale before, so this announcement on the forum looks really believable,” Bukhteev said in an interview with a journalist from The Record.
Although Phorpiex’s C&C servers are currently inactive, whoever buys the source code will be able to configure their servers and access infected devices, the specialist warned.
“There are quite a few infected machines = active bots. We cannot say exactly how many, but we constantly observe attacks on our gateways,” the expert says.
In addition, the bot architecture allows the operator to passively earn money by spoofing addresses in cryptocurrency wallets, even without active C&C servers.
It is unclear at this point if anyone has already purchased the Phorpiex source code.