The Malware Is Reportedly Sending 30,000 Sextortion Emails Per Hour

On October 17, the cybersecurity company Check Point reports that malware has sent up to 30,000 sextortion emails each hour after it took over inboxes. Till now, it has made use of sexual content taken from email owners’ webcams and sent about 27 million emails to blackmail victims.

Check Point conducted a research project within 5 months and detected a botnet called Phorpiex or Trik has sent 30,000 sextortion emails each hour to users while they are unaware. The company said:

Check Point claimed that the volume and speed of such email has continued rapidly increasing.

According to researchers Alexey Bukhteyev and Gil Mansharov:

The botnet Phorpiex has delivered a countless number of threats to recipients via infected hosts. It has been reportedly operated for nearly 10 years and controlled over 450,000 hosts. Back in the past, it largely distributed a variety of malware families such as Pushdo, Pony, and GandCrab. Also, its infected hosts helped it mine cryptocurrency via cryptominers. The report pointed out:

When it comes to its operation, the malware runs a spam bot to download a database including many email addresses via a command & control server. Accordingly, it selects an email address randomly from the database and composes a message containing lots of hardcoded strings. More importantly, Phorphiex can compose up to 30,000 spam emails per hour. Therefore, it comes as no surprise that the number of its victims for each spam campaign can reach  27 million. According to the researchers:

As such, the veteran botnet is capable of finding how to exploit credential lists and passwords to produce low maintenance and deliver millions of sextortion emails.