The Source Code of the ‘Phorpiex’ Botnet Was Made Available for Purchase

Published on August 28, 2021
Written by:
Bill Toulas
Cybersecurity Journalist

It looks like the ‘Phorpiex’ botnet has been shut down, and the operators of the malware have made the project’s source code available for purchase on the dark web. The reason given by the poster is, allegedly, that the original authors and operators of Phorpiex have left the project, and those holding it right now have no interest in continuing. The darknet post was spotted by Cyjax, a cyber-intelligence firm, which posted the following screenshot on Twitter.

Source: Cyjax | Twitter

As explained by the poster/seller, the price for buying the Phorpiex source code is $9,000, and this includes access to all the systems where the botnet has already nested. This is an important aspect of the deal, as Phorpiex is a crypto-jacking worm whose purpose is to make money for its operators by running XMRIG miners on the host or redirecting crypto transactions to actor-controlled wallets. These are not the only money-making methods for its operators, as we’ve seen cases of sextortion too. As such, the sale is presented as an investment, but as with all investments, this one comes with dire risks.

TheRecord has spoken with a researcher from Check Point who has been tracking this particular botnet lately, and he confirmed that Phorpiex has already been infiltrated by analysts and hijacked by third parties who are looking to deploy their own payloads. As such, buying it comes with no guarantee that it will generate enough to make the investment and the legal risks worth it. The researcher further stated that Phorpiex has remained dormant since July 6, 2021, so its status is now doubtful, and the number of active infections is debatable.

The last time that Phorpiex showed a strong heartbeat was in May, when Microsoft warned about an evolutionary development in the botnet that enabled it to carry more payloads and target more countries. That report presented evidence of collaboration with ransomware groups such as the now-defunct “Avaddon” and put the group's profits at roughly $1,300 per day. Those days of glory are over now, and the promise of passing them to a new beneficiary for only $9k is pretty unconvincing.


