The anonymous hero who is removing Phorpiex malware from infected PCs

Phorpiex (Trik) is a malicious program designed to send spam (mainly sextortion emails) from infected computers. Research shows that in the past it was also used to spread other malware, such as GandCrab and Pony.

Sextortion emails claiming that your computer was hacked and that a video was recorded of you on pornographic sites have become so common that many people ignore them and treat them as just another kind of spam. That does not mean they are unprofitable, however: a new report shows that the attackers are generating a decent income stream by using infected PCs to do their dirty work.

Phorpiex, one of the most widespread pieces of malware in recent times, is suffering an unexpected setback. Someone has managed to infiltrate Phorpiex's own spam-bot system and is now steadily killing the virus on every computer where it is present. The intruder not only uninstalls the virus, but also leaves a message advising users to install an antivirus.

Phorpiex is one of the largest spam networks currently in existence. It operates by infecting Windows computers and using them to send bulk spam campaigns. Those campaigns in turn infect more computers, not only with Phorpiex's own malware but also with malware from other organizations, in exchange for money.

It is basically a means of spreading malware, profitable thanks to its huge propagation network. That network is getting smaller right now.

Check Point was the first to report the messages that are appearing on the PCs of infected users. Everything seems to indicate that the malware has been "hijacked" by a third party, although it was initially thought to be an inside joke by the creators of Phorpiex. But no, the virus really is uninstalled from the infected computer.

Who is this anonymous hero who is slowly liquidating Phorpiex?

That is the question security experts are asking right now. With the malware progressively leaving infected computers, several theories have arisen. It may be that someone has taken justice into their own hands, has managed to get into the Phorpiex system and is now slowly killing it from within. It could also be a malware rival of Phorpiex that wants to sabotage the botnet.

Several analysts have said they favor one of these two options. They point out that the system on which Phorpiex is built is somewhat chaotic, so it would not be surprising if someone had managed to penetrate it. In fact, they believe this has already happened in the past, so it would not be the first time that the infector has itself been infected.

There is a third option that should not be ruled out: the possibility that whoever is behind Phorpiex has simply decided to walk away and is voluntarily shutting down the malware network. But this is harder to believe, especially considering that the spam network earned US $115,000 in profits in only five months.

In any case, this would not be the first time Phorpiex's operations have suffered a setback: in 2018, one of the servers used to operate the botnet was exposed, and cybersecurity researchers were able to recover a list of 43.5 million email addresses that were being targeted by the botnet's spam.

Andrea Leal
