Cyber Web Spider Blog – News
Phorpiex Botnet’s Evolving Threats: Ransomware and More

Posted on April 3, 2026 by CWS

Phorpiex, a botnet operational since 2011, remains a significant cybersecurity threat because it keeps evolving. Also known as Trik, it has grown from a simple spam network into a broad criminal operation that now facilitates ransomware attacks, sextortion scams, and crypto-clipping malware, affecting users worldwide.

The most recent iteration of Phorpiex, the Twizt variant, is a formidable challenge for defenders. By combining traditional command-and-control (C2) servers with a peer-to-peer (P2P) network, it keeps operating even when some servers are taken down: infected devices can relay commands directly to one another, which makes the botnet far more resilient to takedown.

Global Impact and Reach

Phorpiex has been detected on an estimated 70,000 to 80,000 devices daily, with over 1.7 million unique IP addresses identified in the past three months. The most impacted regions include Iran, Uzbekistan, China, Kazakhstan, and Pakistan, according to reports by Bitsight.

Bitsight researchers highlight Phorpiex’s engagement in three primary criminal activities: ransomware distribution, sextortion email campaigns, and real-time crypto wallet theft. Their data shows approximately 125,000 active infections daily, with a significant portion linked to the botnet’s P2P network.

Ransomware Campaigns and Sextortion Tactics

Phorpiex’s ransomware operations have intensified. In October 2025, it was used to deploy LockBit Black ransomware in corporate networks that use Windows domains. In January 2026, a new ransomware strain similar to the Global ransomware family targeted devices in China, checking the victim’s location through a public IP-lookup API before running its payload.

Phorpiex also runs large-scale sextortion campaigns. The emails threaten recipients with fabricated webcam recordings from adult sites and demand $1,800 in Bitcoin to suppress the supposed footage. These messages have been circulating since at least 2023, and the ransom amounts have risen over time.

Persistent Infections and Evasion Techniques

Once a device is compromised, Phorpiex establishes persistence by copying itself into system directories and creating autorun entries. It also spreads through USB drives and shared network folders by dropping a hidden executable, DrvMgr.exe, together with a disguised .lnk file that launches it.

To evade detection, Phorpiex poses as legitimate software by adding itself to the Windows Firewall’s allowed list under the name “Microsoft Corporation.” It uses API hashing and builds its strings in memory at runtime so that static analysis tools see nothing suspicious on disk. Commands carry a 256-byte RSA header, so only the botnet operator can issue instructions that the bots will accept.

Organizations are urged to take precautions against Phorpiex: block known C2 IP addresses, monitor for unauthorized autorun changes, and restrict the use of USB devices. Disabling UPnP on routers and keeping systems patched further reduce the risk. Indicators of compromise and the associated cryptocurrency wallet addresses are available on MalwareBazaar under the tag dropped-by-phorpiex.
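The following host-triage script is an added example, not code from this article or from Bitsight. It checks a Windows host for the three artifacts the article describes: Run-key autorun entries pointing at unusual locations or at DrvMgr.exe, enabled firewall allow rules labelled “Microsoft Corporation” whose program is not Microsoft-signed, and removable drives carrying a hidden executable alongside root-level .lnk files. The choice of Run keys, matching the label against both DisplayName and Description, and treating paths outside Program Files or Windows as review-worthy are my assumptions; the article does not specify these details.

```powershell
# Added host-triage script (not from the article or Bitsight). Run in an
# elevated PowerShell 5.1+ session on a Windows host; the firewall and
# hidden-file checks need administrator rights.

function Invoke-PhorpiexTriage {
    $findings = New-Object System.Collections.Generic.List[string]

    # 1. Autorun entries. The article says Phorpiex adds autorun entries for
    #    persistence; these Run keys are the usual places (assumption).
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }          # PowerShell metadata, not an entry
            $target = [string]$p.Value
            # Flag the dropper name from the article, or any target outside
            # Program Files / Windows (assumption: unusual on a managed host).
            if ($target -match 'DrvMgr\.exe' -or
                $target -notmatch '^"?[A-Za-z]:\\(Program Files|Windows)') {
                $findings.Add("Autorun: $key\$($p.Name) -> $target")
            }
        }
    }

    # 2. Firewall allow rules labelled "Microsoft Corporation". The article
    #    names the label; checking DisplayName and Description is an assumption.
    $rules = Get-NetFirewallRule -Enabled True -Action Allow -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -eq 'Microsoft Corporation' -or
                       $_.Description -eq 'Microsoft Corporation' }
    foreach ($rule in $rules) {
        $app = Get-NetFirewallApplicationFilter -AssociatedNetFirewallRule $rule
        $program = [Environment]::ExpandEnvironmentVariables([string]$app.Program)
        $signer = 'unknown'
        if ($program -and $program -ne 'Any' -and (Test-Path $program)) {
            $sig = Get-AuthenticodeSignature -FilePath $program
            $signer = "$($sig.Status) / $($sig.SignerCertificate.Subject)"
        }
        # A genuine Microsoft rule should resolve to a validly signed Microsoft
        # binary; anything else under that label deserves a look.
        if ($signer -notmatch '^Valid / .*O=Microsoft Corporation') {
            $findings.Add("Firewall: '$($rule.DisplayName)' ($($rule.Direction)) allows $program [signature: $signer]")
        }
    }

    # 3. Removable drives: hidden executables plus root-level .lnk files, the
    #    USB spreading pattern the article describes. DriveType=2 is removable.
    $shell = New-Object -ComObject WScript.Shell
    $removable = Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType=2'
    foreach ($disk in $removable) {
        $root = "$($disk.DeviceID)\"
        $hiddenExe = Get-ChildItem -Path $root -Filter *.exe -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Attributes -band [IO.FileAttributes]::Hidden }
        foreach ($exe in $hiddenExe) {
            $findings.Add("USB: hidden executable $($exe.FullName)")
        }
        $links = Get-ChildItem -Path $root -Filter *.lnk -Force -ErrorAction SilentlyContinue
        foreach ($lnk in $links) {
            # Resolve the shortcut target; a root .lnk that launches an
            # executable on the same drive matches the disguised-link pattern.
            $targetPath = $shell.CreateShortcut($lnk.FullName).TargetPath
            if ($targetPath -match '\.exe$' -and $targetPath -like "$($disk.DeviceID)*") {
                $findings.Add("USB: shortcut $($lnk.FullName) -> $targetPath")
            }
        }
    }

    return $findings
}

$results = Invoke-PhorpiexTriage
if ($results.Count -eq 0) {
    Write-Output 'No Phorpiex-style persistence, firewall or USB artifacts found.'
} else {
    $results | ForEach-Object { Write-Output $_ }
}
```

Every finding is a review item rather than a verdict: legitimate software does write Run entries under a user profile, and a removable drive may carry a hidden executable for benign reasons. The value of the script is that it surfaces the specific combination the article attributes to Phorpiex (a DrvMgr.exe dropper, an unsigned program behind a “Microsoft Corporation” firewall rule, a root shortcut launching a same-drive executable) so an analyst can compare the paths and hashes against the MalwareBazaar indicators.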


Category: Cyber Security News. Tags: BitSight, Botnet, C2 servers, Cryptocurrency, Cybersecurity, Malware, P2P network, Phorpiex, Ransomware, Sextortion, Twizt variant
