Experts reported the resurgence of the Phorpiex botnet, in one year it allowed to steal crypto assets worth of half a million dollars.

Experts at Check Point Research have monitored the resurgence of the Phorpiex botnet, an old threat that was involved in sextortion spam campaigns, crypto-jacking, cryptocurrency clipping (substituting the original wallet address saved in the clipboard with the attacker’s wallet address during a transaction) and ransomware attacks in the past.

The new variant, dubbed “Twizt,” could operate without active C2 servers in peer-to-peer mode. Each of the infected computers can act as a server and send commands to other bots in a chain. Experts estimated that in one year it allowed to steal crypto assets worth of 500,000 dollars.

The botnet has been active since at least 2016, but in August the criminal organization behind the Phorpiex botnet have shut down their operations and put the source code of the bot for sale on a cybercrime forum in on a dark web.