The crypto clipper changes the recipient addresses when sending cryptocurrency

​Phorpiex a new malicious botnet has been discovered

17.12.2021 - 12:20


1 min

What’s new? Check Point Research (CPR), a cyberthreat research company, reports a new variant of Phorpiex, a botnet known for spamming, extortion, and cryptocurrency theft. The new variant, dubbed Twizt, has stolen more than $500 000 worth of cryptocurrency in a year.

Link to the CPR material

How does Twizt work? According to CPR, the botnet uses a technique called “cryptocurrency clipping.” The malware replaces the recipient's wallet address with that of the attacker. Twizt operates without active management and control servers, meaning that each infected computer can expand the botnet. Since the botnet uses a peer-to-peer model, it can receive the commands and updates from other devices hosting the virus.

How much did the attackers manage to steal? Between November 2020 and November 2021, Phorpiex bots hijacked 969 transactions. The hackers stole 3,64 BTC, 55,87 ETH, and $55 000 in ERC20 tokens. The largest intercepted transaction was 26 ETH.

Subscribe to Getblock Magazine and stay up to date with the latest news from the world of cryptocurrencies and the digital economy