CheckPoint: Phorpiex is back as the most prevalent malware, impacting 4% of organizations globally. The botnet is distributing the Avaddon ransomware as a RaaS, and threat actors are recruiting affiliates

Phorpiex is back as the most prevalent malware, impacting 4% of organizations globally. It has been denounced by CheckPoint cybersecurity experts. The botnet was first reported in 2010, and at its peak controlled more than a million infected hosts. Known for distributing other malware families via spam as well as fueling large-scale “sextortion” spam campaigns and cryptomining, Phorpiex has again been distributing the Avaddon ransomware. This is a relatively new Ransomware-as-a-Service (RaaS) variant, and its cybercrime operators have again been recruiting affiliates to distribute the ransomware for a cut of the profits. Avaddon has been distributed via JS and Excel files as part of malspam campaigns and is able to encrypt a wide range of file types.