Phorpiex

Name of Malware: Phorpiex (Trik)

Type of Malware: Computer worm, backdoor, downloader

Affected Operating Systems: Windows

Affected Device Types: PCs, laptops

Impact: high

What is Phorpiex?

Phorpiex is a computer worm: a malicious program that can duplicate and disseminate itself independently. It also has a number of other malicious functions, including the ability to make contact with a control system and receive further commands from there.

To do this, Phorpiex opens a backdoor to the infected device. Through this backdoor, the attacker can gain access to the system and perform other actions. The malware is capable of a wide range of attack types, from information theft to downloading other malware.

How did I get infected with Phorpiex?

Phorpiex spreads in a number of different ways.

Systems can be infected with Phorpiex when a user opens a malicious e-mail attachment. The malware is hidden in a file that appears harmless. The attachments are often named using words such as "invoice" or "reminder" to deceive the user into taking unsafe actions.

Links to websites that have been hacked by criminals may also be used instead of attachments. The attackers hide malicious scripts on these websites. The scripts are used to download and install the malware without the user's consent.

Phorpiex also spreads via links in text messages and messenger messages.

Systems that can be accessed via the Internet may fall victim to brute force attacks. The likelihood of third parties gaining access to these systems increases when user accounts are not adequately protected, when the firmware is out of date, or when the admin password is weak.

Phorpiex copies itself to all available removable media and network drives. When the infected media or drives are connected to a new system, the copy is run via an autostart configuration. This action spreads the malware further.
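
The following check is an added example, not part of the original advisory. It assumes that the "autostart configuration" mentioned above is a Windows autorun.inf file in the root of the drive, and it lists the entries in that file that would start a program. The sample content and the names hidden_folder and program.exe are constructed for illustration.

```python
import os

EXEC_KEYS = ("open", "shellexecute")  # [autorun] keys that launch a program

def parse_autorun(text):
    """Return (key, command) pairs in [autorun] that would start a program."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()    # section names ignore case
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        # shell\<verb>\command adds a context-menu entry that runs a program
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if (key in EXEC_KEYS or is_verb) and value:
            findings.append((key, value))
    return findings

def audit_drive(root):
    """Look for autorun.inf (any letter case) in a drive root and parse it."""
    for name in os.listdir(root):
        path = os.path.join(root, name)
        if name.lower() == "autorun.inf" and os.path.isfile(path):
            with open(path, "rb") as fh:
                data = fh.read()
            # UTF-16 files start with a byte order mark; utf-8-sig drops a UTF-8 one
            enc = "utf-16" if data[:2] in (b"\xff\xfe", b"\xfe\xff") else "utf-8-sig"
            return parse_autorun(data.decode(enc, errors="replace"))
    return []

# Constructed sample; file and folder names are hypothetical.
SAMPLE = """; constructed example
[AutoRun]
icon=%SystemRoot%\\system32\\shell32.dll,4
open=hidden_folder\\program.exe
shell\\open\\command=hidden_folder\\program.exe
label=USB Drive
[Content]
open=ignored.exe
"""

if __name__ == "__main__":
    for key, command in parse_autorun(SAMPLE):
        print(f"launch entry: {key} -> {command}")
```

Call audit_drive with the root of a removable or network drive; any returned entry names a program that the drive asks Windows to start and should be reviewed before the drive is used further.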

What do I have to do now?

As the Phorpiex malware takes full control of the system and often hides your files, you may need to reformat/reinstall your operating system.

Further information on removing this malware can be found under "Removing infections from PCs, laptops etc."

Technical specifications

Further information on this malware can be found on the website of our project partner Fraunhofer FKIE.