Threat actors claim to be selling the source code of the infamous Trik botnet (also known as Phorpiex) in antivirus (AV) circles. This C++ botnet ships with a set of modules that make it a potent cybersecurity threat.
The sale was reported by ThreatMon on social media, raising concerns among cybersecurity experts and organizations around the world.
Main features of the bot
The Trik botnet is a persistent HTTP loader with multiple malicious capabilities. Unlike many other botnets, it does not require a control panel, which makes it harder to detect and dismantle.
The botnet contains a crypto clipper that targets a variety of cryptocurrency wallets, a USB emitter and a PE infector.
One of the most concerning features is its ability to evade detection by most antivirus software and remain fully undetectable (FUD).
Every 30 minutes the loader checks a file on its server, and it decrypts and executes that file only if the signature is valid. This ensures that only files authorized by the operator are executed, further complicating detection and removal.
The PE infector handles both x86 and x64 PE executables and spreads by embedding a downloader shellcode in those files.
Modules and Additional Threats
The Trik botnet also contains several modules that power its malicious functionality. One such module is a VNC bruteforcer that scans generated IP addresses for open VNC ports (5900) and attempts to log in using a set of encoded credentials.
This module could give an attacker unauthorized access to remote systems, posing a significant risk to individuals and organizations.
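Two behaviours described above leave a network footprint a defender can look for: the loader's 30-minute polling of its server, and the VNC bruteforcer's fan-out to many addresses on port 5900. The following is an added example, not code from the article or from the botnet itself; it runs simple detection logic over a constructed set of outbound-connection log lines in an assumed "timestamp src= dst= dport=" format (real firewall or NetFlow exports will need their own parser). The thresholds, window sizes and sample addresses are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

# Assumed log format (one connection per line), e.g.
# 2024-01-01T00:00:00 src=10.0.0.5 dst=203.0.113.10 dport=80
LINE_RE = re.compile(r"^(\S+) src=(\S+) dst=(\S+) dport=(\d+)$")


def parse_log(text):
    """Parse log lines into (timestamp, src, dst, dport) tuples; skip malformed lines."""
    records = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        records.append((datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), int(m.group(4))))
    return records


def vnc_fanout(records, port=5900, min_targets=10, window_s=600):
    """Flag sources that reach >= min_targets distinct hosts on `port` within any
    sliding window of window_s seconds. Returns {src: max_distinct_targets}."""
    by_src = defaultdict(list)
    for ts, src, dst, dport in records:
        if dport == port:
            by_src[src].append((ts, dst))
    flagged = {}
    for src, hits in by_src.items():
        hits.sort()
        lo = 0
        for hi in range(len(hits)):
            while (hits[hi][0] - hits[lo][0]).total_seconds() > window_s:
                lo += 1
            distinct = {d for _, d in hits[lo:hi + 1]}
            if len(distinct) >= min_targets:
                flagged[src] = max(flagged.get(src, 0), len(distinct))
    return flagged


def periodic_beacons(records, period_s=1800, tolerance=0.1, min_samples=4):
    """Flag (src, dst) pairs whose every inter-connection gap lies within
    tolerance of period_s (30 minutes by default). Returns {pair: median_gap_s}."""
    by_pair = defaultdict(list)
    for ts, src, dst, _ in records:
        by_pair[(src, dst)].append(ts)
    found = {}
    for pair, times in by_pair.items():
        if len(times) < min_samples:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if all(abs(g - period_s) <= tolerance * period_s for g in gaps):
            found[pair] = median(gaps)
    return found


def _build_sample_log():
    """Constructed sample: one 30-minute beaconer, one port-5900 scanner, one benign host."""
    base = datetime(2024, 1, 1, 0, 0, 0)
    lines = []
    for i, jitter in enumerate([0, 12, -8, 5, 0]):  # beacon with slight jitter
        t = base + timedelta(minutes=30 * i, seconds=jitter)
        lines.append(f"{t.isoformat()} src=10.0.0.5 dst=203.0.113.10 dport=80")
    for i in range(20):  # 20 distinct targets on 5900 inside two minutes
        t = base + timedelta(seconds=6 * i)
        lines.append(f"{t.isoformat()} src=10.0.0.7 dst=198.51.100.{i + 1} dport=5900")
    for i, port in enumerate([443, 443, 53, 80]):  # ordinary traffic
        t = base + timedelta(minutes=7 * i)
        lines.append(f"{t.isoformat()} src=10.0.0.9 dst=192.0.2.{port % 7 + 1} dport={port}")
    return "\n".join(lines)


SAMPLE_LOG = _build_sample_log()

if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("port-5900 fan-out:", vnc_fanout(recs))
    print("30-minute beacons:", periodic_beacons(recs))
```

The fan-out check is the one that matters for the VNC module: a single internal host touching dozens of distinct external addresses on 5900 within minutes is scanning, whatever credentials it then tries. The beacon check is deliberately loose (10% tolerance) because loaders rarely poll on an exact schedule; tighten or widen it to fit the traffic you actually see.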
Another module, the USB emitter, places a shortcut with an icon on the USB drive and creates a hidden folder containing all of the user's items; any system the drive is plugged into can then be infected, further expanding the botnet.
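The shortcut-plus-hidden-folder layout just described is something a removable-media check can look for before anyone opens the drive. The code below is an added example, not part of the article or of the malware: it inspects the root of a drive (here a constructed temporary directory standing in for a USB stick) for shortcut files, recognised by the .lnk extension or by the Windows shell-link header regardless of extension, and for hidden top-level folders, and reports when both are present together. Treating a dot-prefixed directory name as hidden on non-Windows systems is an assumption made so the sample runs anywhere.

```python
import stat
import tempfile
from pathlib import Path

# Windows shell link (.lnk) header: HeaderSize 0x4C followed by the ShellLink
# CLSID 00021401-0000-0000-C000-000000000046 in little-endian GUID layout.
LNK_HEADER = bytes.fromhex("4C000000" "0114020000000000C000000000000046")


def is_lnk(path: Path) -> bool:
    """True if the file starts with the shell-link header, whatever its name."""
    try:
        with open(path, "rb") as f:
            return f.read(len(LNK_HEADER)) == LNK_HEADER
    except OSError:
        return False


def is_hidden(path: Path) -> bool:
    """Hidden attribute on Windows; dot-prefix convention elsewhere (assumption)."""
    if path.name.startswith("."):
        return True
    attrs = getattr(path.stat(), "st_file_attributes", 0)
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)


def scan_drive_root(root) -> dict:
    """Report shortcut files and hidden folders at the root of a removable drive.
    The pair together is the layout the article attributes to the USB emitter."""
    root = Path(root)
    shortcuts, hidden_dirs = [], []
    for entry in root.iterdir():
        if entry.is_dir():
            if is_hidden(entry):
                hidden_dirs.append(entry.name)
        elif entry.is_file() and (entry.suffix.lower() == ".lnk" or is_lnk(entry)):
            shortcuts.append(entry.name)
    return {
        "shortcuts": sorted(shortcuts),
        "hidden_dirs": sorted(hidden_dirs),
        "suspicious": bool(shortcuts) and bool(hidden_dirs),
    }


def build_constructed_drive() -> str:
    """Constructed sample: a root shortcut, a disguised shortcut, a hidden folder
    holding the user's files, plus ordinary content. Not a real infected drive."""
    root = Path(tempfile.mkdtemp(prefix="usb_sample_"))
    (root / "Documents.lnk").write_bytes(LNK_HEADER + b"\x00" * 56)
    (root / "photos.jpg").write_bytes(LNK_HEADER + b"\x00" * 56)  # renamed shortcut
    hidden = root / ".files"
    hidden.mkdir()
    (hidden / "report.docx").write_bytes(b"constructed content")
    (root / "holiday").mkdir()
    (root / "notes.txt").write_text("constructed sample")
    return str(root)


def build_clean_drive() -> str:
    """Constructed sample with only ordinary content."""
    root = Path(tempfile.mkdtemp(prefix="usb_clean_"))
    (root / "holiday").mkdir()
    (root / "notes.txt").write_text("constructed sample")
    return str(root)


if __name__ == "__main__":
    print("constructed drive:", scan_drive_root(build_constructed_drive()))
    print("clean drive:", scan_drive_root(build_clean_drive()))
```

The header check matters more than the extension check: a shortcut renamed to look like a photo still carries the shell-link signature. Run the scan against the drive's root path (for example `E:\` on Windows) before browsing it, and treat a "suspicious" result as a reason to examine the shortcut's target rather than to double-click it.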
The sale of the Trik botnet source code illustrates how threats in the cybersecurity field keep evolving: with its advanced capabilities and modules, this botnet poses a significant risk to digital security.
To protect themselves against such advanced threats, organizations and individuals must remain vigilant and strengthen their cybersecurity measures.