Phorpiex malware operators shut down the botnet and put its source code up for sale on a cybercrime forum. The code is being offered for $9,000.
According to the website, the reason for the sale is that none of the original authors of the malware are involved in the project anymore.
Check Point specialist Alexei Bukhteev confirmed that the ad was accurate. According to him, the Phorpiex management servers have not been active for over two months. The last time the servers received a command to self-delete was July 6. Since then, the botnet has disappeared from experts' sight.
"We know that the source code is private and has not been offered for sale before, so this announcement on the forum looks really plausible," Bukhteev said in a conversation with The Record's reporter.
Although Phorpiex's C&C servers are currently inactive, anyone who buys the source code could set up their servers and gain access to infected devices, the specialist warned.
"There are quite a few infected machines = active bots. We can't say exactly how many, but we see attacks on our gateways all the time," the expert said.
In addition, the bot architecture allows the operator to passively make money from spoofing addresses in cryptocurrency wallets even without active C&C servers.
At the moment, it is unclear whether anyone has already purchased the source code of Phorpiex.