Researchers at the security provider Check Point have analyzed a malware campaign that originates from the Phorpiex botnet. According to their findings, the botnet's activity increased significantly in June compared to the previous month, moving it from 13th to 2nd place in the ranking of the most active botnets. Its operators are currently trying to spread the Avaddon ransomware via spam emails.
Phorpiex is generally known for distributing malware and spam. It has previously delivered ransomware as well as malware for mining cryptocurrencies. The Avaddon ransomware, however, first appeared there in June. It reaches victims through phishing messages with a ZIP file attached. The subject line also uses a waving emoji as a lure.
According to the Check Point figures, around two percent of all companies were recently affected by the Avaddon campaign, even though the cybercriminals' approach is apparently easy to see through. “Organizations should educate employees about how to detect malware spam, such as the recent campaign that speaks to users with a wink emoji, and make sure they take security measures that actively prevent them from infecting their networks,” says the Check Point blog.
However, Phorpiex wasn’t the biggest threat to businesses in June. Check Point awarded this title to the Remote Access Trojan Agent Tesla. It steals information and records keystrokes. This gives attackers access to confidential data such as user names, passwords, browser history and system information, data that may allow a network to be compromised.
The cryptominer XMRig and representatives of the malware families Dridex, Trickbot, Ramnit and Emotet also made the top ten. Trickbot and Emotet in particular are often just the start of a major ransomware attack.
These malware families, which have often been in circulation for years, frequently get into a system through vulnerabilities that have not been patched. Installing updates promptly therefore offers the best protection against these and other malware.