wave of retirements among cybercriminals?

Published by Jonathan Brown on August 28th, 2021 11:31am. 38 views.

Between the apparent disappearance of Russian Cybercriminal group rEvil... and the recent shutdown and sale of code by Phorpiex botnet authors... one begins to wonder if non-StateActor cybercriminal groups are being quietly "taken down" by civil and military authorities, and/or simply retiring to enjoy their ill-gotten gains before they find themselves faced with stiff prison sentences!  Here is an atircle stolen from "Dark Reading" website by infosecurity-magazine...who stole it, verbatim, from Pierluigi Paganini... who's motto is "Yeah, Please steal my shit" ...  lol.... concerning the Phorpiex situation...

I invite you to start, or join into any discussion of my blogposts, hosted by Disqus, at https://www.borderelliptic.com/VectorBlog.html  !! Thanks!

"Crooks behind the Phorpiex botnet have shut down their operations and put the source code for sale on the dark web.

The criminal organization behind the Phorpiex botnet have shut down their operations and put the source code of the bot for sale on a cybercrime forum in on a dark web.

The news was reported by The Record after that experts from security firm Cyjax noticed an ad posted by a crook that was involved in the botnet’s operation in the past.

The decision to sell the source code comes from the consideration that the two original authors of the malware have left the operations.

“As I no longer work and my friend has left the biz, I’m here to offer Trik (name from coder) / Phorpiex (name for AV firms) source for sell [sic],” the individual said today in a forum post spotted by British security firm Cyjax.” reads the ad published The Record.

The main bot and all modules are written in C++, authors claim that the bot nor modules trigger any firewall / UAC prompts.

The Record, with the help of CheckPoint malware researcher Alexey Bukhteyev, confirmed that the ad is valid.

The researchers confirmed that the source code of the bot hasn’t been sold before

Bukhteyev pointed out that even if the C&C servers for the botnet are down, who will buy the code we will be able to set up new ones and take control over the previously infected systems.

At the time of this writing, it is not clear how many infected machines are still active."

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, Phorpiex botnet)