In a new report by Check Point Research, researchers show how the Phorpiex botnet is being used to distribute millions of sextortion emails and how it is generating a tidy sum doing so.
For those who are not familiar with sextortion spam, these are emails that pretend to be from a hacker who claims to have installed software on your computer and recorded video of you while you were on porn sites. The sender then demands anywhere between $300 USD and $5,000 USD in bitcoins, threatening to otherwise send the video to all of your contacts.
Sextortion emails stating that your computer was hacked and that a video was created of you on porn sites have become so common that many people ignore them and treat them as just more spam. That does not mean they are unprofitable, though: the new report shows that the attackers are generating a decent revenue stream by using infected PCs to do their dirty work.
Some of the campaigns also use email databases that include associated passwords that were revealed in data breaches. These passwords are added to the sextortion emails to add further legitimacy to the hacker’s claims.
“The most interesting feature of the last spam campaigns is that Phorpiex/Trik spam bot uses databases with leaked passwords in combination with email addresses. A victim’s password usually included in a spam email message to make it more persuasive and show that password is known to the attacker. To shock the victim a spam message starts from the string with the password”
When sending the spam, Phorpiex will create 15,000 threads, each of which is used to send spam. Due to the large number of threads sending email at one time, Check Point estimates that a single infected device can send up to 30,000 sextortion emails per hour.
With this type of volume, the sextortion emails have been quite profitable for the Phorpiex botnet.
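The send rate described above is visible on the network as a burst of outbound mail connections from a single workstation. The following is an added example, not code from Check Point's report: a sliding-window detector over flow records. The log format, the use of TCP port 25, the relay allowlist, the threshold and all IP addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumptions (not from the report): flow records look like
# "timestamp src_ip dst_ip dst_port", are sorted by time, spam leaves over
# SMTP on TCP/25, and ALLOWED_RELAYS are the only sanctioned mail senders.
ALLOWED_RELAYS = {"10.0.0.25"}
WINDOW = timedelta(minutes=1)
# 30,000 emails/hour is about 500/minute. Alert far below that, because a
# workstation typically opens few or no direct SMTP connections.
MAX_SMTP_CONNS_PER_WINDOW = 50

def parse_flow(line):
    ts, src, dst, port = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port)

def find_smtp_bursts(lines):
    """Return {src_ip: peak SMTP connections per window} for hosts over the threshold."""
    recent = defaultdict(deque)  # src_ip -> connect times still inside WINDOW
    peaks = {}
    for line in lines:
        ts, src, _dst, port = parse_flow(line)
        if port != 25 or src in ALLOWED_RELAYS:
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] > WINDOW:  # drop connects that fell out of the window
            q.popleft()
        if len(q) > MAX_SMTP_CONNS_PER_WINDOW:
            peaks[src] = max(peaks.get(src, 0), len(q))
    return peaks

def build_sample():
    """Constructed flows: a bursting host, the sanctioned relay, a quiet workstation."""
    start = datetime(2019, 1, 1, 12, 0, 0)
    rows = [(start + timedelta(seconds=i // 8), "10.0.5.77",
             f"198.51.100.{i % 250 + 1}", 25) for i in range(480)]
    rows += [(start + timedelta(seconds=i), "10.0.0.25", "203.0.113.9", 25)
             for i in range(60)]
    rows.append((start + timedelta(seconds=30), "10.0.5.12", "203.0.113.9", 25))
    rows.append((start + timedelta(seconds=31), "10.0.5.12", "203.0.113.10", 443))
    rows.sort(key=lambda r: r[0])
    return [f"{ts.isoformat()} {src} {dst} {port}" for ts, src, dst, port in rows]

if __name__ == "__main__":
    print(find_smtp_bursts(build_sample()))
```
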