A decade-old botnet malware that currently controls over 450,000 computers worldwide has recently shifted its operations from infecting machines with ransomware or crypto miners to abusing them for sending out sextortion emails to millions of innocent people.
Extortion by email is growing significantly, with a large number of users recently complaining about receiving sextortion emails that attempt to extort money from individuals by threatening to expose their sexual content.
Though until now it wasn’t clear how scammers were sending such massive amounts of emails without getting blacklisted by the email providers, security researchers from CheckPoint have finally found the missing piece of this puzzle.
In its latest report shared with The Hacker News prior to the release, Tel Aviv-based security firm CheckPoint reveals that a botnet, called Phorpiex, has recently been updated to include a spam bot designed to use compromised computers as proxies to send out over 30,000 sextortion emails per hour—without the knowledge of the infected computers’ owners.
How Does Phorpiex Spam Bot Work?
The spambot module of Phorpiex downloads the list of its targets’ (recipients’) email addresses from a remote command-and-control server and uses a simple implementation of the SMTP protocol to send sextortion emails.
To intimidate innocent recipients, criminals behind these sextortion campaigns also add one of the victims’ online passwords in the subject line or content of the sextortion email, making it more convincing that the hacker knows their passwords and might have access to their private content.
In reality, these combinations of email addresses and passwords of recipients were curated from various previously compromised databases. So, the passwords displayed to the victims don’t necessarily belong to their email accounts; they could be old and related to any online service.
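For defenders, the sending behaviour described above (an infected computer speaking SMTP itself to deliver mail in bulk) shows up in network flow logs. The following is an added example, not taken from the CheckPoint report or from Phorpiex itself: it flags internal hosts, other than approved mail relays, that open SMTP connections to many distinct servers within one hour. The log format, the use of port 25, the relay list and the threshold are all assumptions.

```python
from collections import defaultdict

# Assumed policy: only these internal hosts may open outbound SMTP sessions.
APPROVED_RELAYS = {"10.0.0.2"}
SMTP_PORTS = {25}        # assumption: direct server-to-server SMTP; the page names no port
MIN_DISTINCT_DESTS = 5   # illustrative threshold per host per hour

def parse_flow(line):
    """Parse 'ISO-timestamp src dst dport'; return None for malformed lines."""
    parts = line.split()
    if len(parts) != 4 or not parts[3].isdigit():
        return None
    ts, src, dst, dport = parts
    return ts[:13], src, dst, int(dport)  # ts[:13] is the 'YYYY-MM-DDTHH' hour bucket

def find_smtp_senders(lines, relays=APPROVED_RELAYS, min_dests=MIN_DISTINCT_DESTS):
    """Return {(src, hour): (connections, distinct_destinations)} for flagged hosts."""
    conns = defaultdict(int)
    dests = defaultdict(set)
    for line in lines:
        flow = parse_flow(line)
        if flow is None:
            continue
        hour, src, dst, dport = flow
        if dport not in SMTP_PORTS or src in relays:
            continue  # ignore non-SMTP traffic and sanctioned mail relays
        conns[(src, hour)] += 1
        dests[(src, hour)].add(dst)
    return {k: (conns[k], len(dests[k])) for k in conns if len(dests[k]) >= min_dests}

# Constructed sample flows (documentation address ranges), not data from the report.
SAMPLE = (
    [f"2024-01-01T09:{m:02d}:00 10.0.0.23 203.0.113.{m} 25" for m in range(1, 9)]
    + [f"2024-01-01T09:{m:02d}:30 10.0.0.2 198.51.100.{m} 25" for m in range(1, 9)]
    + ["2024-01-01T09:15:00 10.0.0.40 192.0.2.7 25",
       "2024-01-01T09:16:00 10.0.0.40 192.0.2.8 443",
       "garbage line"]
)

if __name__ == "__main__":
    for (src, hour), (n, d) in sorted(find_smtp_senders(SAMPLE).items()):
        print(f"{hour} {src}: {n} SMTP connections to {d} distinct servers")
```

Blocking outbound SMTP at the perimeter for everything except the approved relays turns the same signal into a prevention control.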
The same sextortion campaign, powered by a similar or the same botnet, has also been named the “Save Yourself” malware attacks by other teams of researchers.
In over five months, cybercriminals behind this campaign have made more than 11 BTC, equivalent to approximately $88,000. Though the figure is not huge, researchers say the actual revenue made by the hackers could be larger, as they did not monitor the sextortion campaigns in the years before.