Phorpiex Botnet is Back With a New Twizt: Hijacking Hundreds of Crypto Transactions

By : Nata Kesuma | Sunday, December 19 2021 - 20:28 IWST

Check point research (CPR)
Check point research (CPR)

INDUSTRY.co.id - Check Point Research (CPR) has spotted a new variant of Phorpiex, a botnet known for sextortion and crypto-jacking. The new variant, called Twizt, operates without active command and control servers, meaning each computer that it infects can widen the botnet.

CPR estimates that Twizt has taken nearly half a million dollars’ worth of cyptocurrency. New features to Twizt has led CPR to believe that the botnet may become even more stable and, therefore, more dangerous.

How Twizt Works

Twizt leverages a technique called “crypto clipping”, which is the theft of cryptocurrency during transactions through the use of malware that automatically substitutes the intended wallet address with the threat actor’s wallet address. The result is that funds go into the wrong hands.

Victims

In a one-year period, between November 2020 to November 2021, Phorpiex bots hijacked 969 transactions, stealing 3.64 Bitcoin, 55.87 Ether, and $55,000 in ERC20 tokens. The value of the stolen assets in current prices is almost half a million US dollars. Several times, Phorpiex was able to hijack large amounts transactions. The largest amount for an intercepted Ethereum transaction was 26 ETH.

Alexander Chailytko, Cyber Security Research & Innovation Manager at Check Point Software shares “There are three main risks involved with the new variant of Phorpiex. First, Twizt uses peer-to-peer model and is able to receive commands and updates from thousands of other infected machines. A peer-to-peer botnet is harder to take down and disrupt its operation. This makes Twizt more stable than previous versions of Phorpiex bots. Second, as well as old versions of Phorpiex, Twizt is able to steal crypto without any communication with C&C, therefore, it is easier to evade security mechanisms, such as firewalls in order to do damage. Third, Twizt supports more than 30 different cryptocurrency wallets from different blockchains, including major ones such as Bitcoin, Ethereum, Dash, Monero. This makes for a huge attack surface, and basically anyone who is utilising crypto could be affected. I strongly urge all crypto currency users to double check the wallet addresses they copy and paste, as you could very well be inadvertently sending your crypto into the wrong hands.”

Security Tips

Check wallet address. When users copy and paste a crypto wallet address, always double check that the original and pasted addresses match.

Test transactions. Before sending large amounts in crypto, first send a probe “test” transaction with minimal amount.

Stay updated. Keep operating system updated, do not download software from unverified sources.

Skip the ads. If you are looking for wallets or crypto trading and swapping platforms in the crypto space, always look at the first website in your search and not in the ad. These may mislead you as CPR has found scammers using Google Ads to steal crypto wallets.

Look at URLs. Always double-check the URLs!

News Comment

Today's Industry

 Mr. Nguyen Trung Khanh, Chairman of the Vietnam National Administration of Tourism.

Selasa, 16 Agustus 2022 - 08:50 WIB

Mekong Tourism Forum 2022: Rebuild Tourism, Rebound with Resilience Quang Nam, Vietnam, 12 – 13 October 2022

The Mekong Tourism Forum 2022 will return as a face-to-face event 9-14 October at Hoiana Resort & Golf (Hoiana), Quang Nam province, adjacent to Hoi An city, in central Vietnam.

President Jokowi receives an award from Director General of the International Rice Research Institute Jean Balié, at the State Palace, Jakarta, Sunday (08/14). (Photo by: BPMI of Presidential Secretariat/ Kris)

Selasa, 16 Agustus 2022 - 08:30 WIB

IRRI Affirms Commitment to Support Indonesia’s Food Security

The International Rice Research Institute (IRRI) affirmed its commitment to support Indonesia’s food security program.

(L – R) Galumbang Menak, CoFounder of Nusatrip and Dennis Nguyen, Founder, Chairman, and Chief Executive Officer of Society Pass

Senin, 15 Agustus 2022 - 23:20 WIB

Society Pass (Nasdaq: SoPa) Marks First Foray into Indonesia by Acquiring Jakarta-based NusaTrip, Indonesia’s First International Air Transport Association-Accredited Online Travel Agency

The NusaTrip acquisition extends SoPa’s business reach into the booming SEA regional travel industry and marks SoPa’s first foray into Indonesia as well as adds to SoPa’s growing ecosystem…

PT Cerestar Indonesia Tbk (“TRGU”)

Senin, 15 Agustus 2022 - 22:59 WIB

Newly IPO, TRGU Has Reached 99% of the 2022 Net Profit Target

PT Cerestar Indonesia Tbk (“TRGU”), a producer of wheat flour which newly listed its shares on the Indonesia Stock Exchange last July, managed to record a net profit of IDR19.69 billion…

PT KapuasPrima Coal Tbk (“ZINC”)

Sabtu, 13 Agustus 2022 - 07:09 WIB

ZINC Boosts High Grade Galena Production

PT KapuasPrima Coal Tbk (“ZINC”), a listed company in Indonesia that produces base metal, boosted production with a target of high levels of galena in the 2nd Semester of this year in order…