Established variants of botnets and malware are participating in a new campaign to infect the company with GandCrab ransomware.
Phorpiex / Trik is not refined. Please do not confuse with Trojan TrickBot Trojan horse. Malware was first discovered in 2016 and distributes malicious payloads such as GandCrab, Pushdo, Pony, malware.
This malware focuses on infecting Windows devices and attempting to infect with USB sticks, removable storage, and spam.
"Phorpiex has existed for several years and has not changed the purpose, function, and code much," researchers at Inquest says. "Malware itself is not incredibly progressive, there are few evasive methods, and it is often not compressed during delivery, dropping files onto disk or using strings is not very subtle.
SecurityScorecard security researchers have not changed for years, but discovered new variants of malware that focused on introducing ransomware for organizations around the world.
Target variants can target PCs and endpoints in the enterprise network that use server side remote access applications of unimplemented protocols.
"As more companies offer remote employee options to employees, they can run these applications on many enterprise endpoints," the company says.
Phorpiex / Trik accesses Remote Desktop Protocol (RDP) and Virtual Network Computing (VNC) endpoints via port 5900 over the Internet and is subject to indiscriminate brute force attacks.
The botnet will test user and weak password combinations such as "12345678", "admin", "qwerty", "servidor", "vnc 123" If weak credentials are used and the protocol is not properly implemented, the botnet will break into the system and use the endpoint to install malware on the corporate network.
SecurityScorecard threat information director Paul Gagliardi said in an interview with ZDNet it is GandCrab, a particularly harmful form of ransomware that is recruiting tens of thousands of victims around the world.
Once this ransomware lineage infects the system, the file is …
Hope you like the news Phorpiex worm pivots to infect the enterprise with GandCrab ransomware. Stay Tuned For More Updates 🙂