Tell Employees Not to Fall For the Wink Emoji

A well-known botnet campaign called Phoripex surged in June. It sends out spam that tries to deliver a malicious payload to victims, and has been used to power an Avaddon ransomware campaign. Phoripex, also called Trik, lures victims into opening a Zip file attachment to an email that uses a wink emoji as the subject. It has been used to distribute spam campaigns for other forms of ransomware, including GandCrab and Pony, and to mine for cryptocurrency on infected machines. Check Point Security researchers warn companies to educate employees about how to identify the types of malspam that carry these threats, “such as the latest campaign targeting users with emails containing a wink emoji,” and ensure that they deploy security that actively prevents them from infecting their networks. Despite the rise in Phoripex attacks, the most commonly detected malware during June was Agent Tesla, an information stealer that provides attackers with the ability to see everything on an infected computer — user names, passwords, browser history, system information and more.