WTF?! It's an email scam as old as the Nigerian prince asking for money: someone claiming they hacked your webcam and have recorded you in an act of self-pleasure. Unless you pay up, the video will be sent to friends and family. The whole thing's a lie, of course, but a new type of malware has made this form of sextortion a reality.
Researchers at security firm Proofpoint write that since May this year, they have seen an increased use of an open-source infostealer malware called Stealerium. It's been available on GitHub since 2022 "for educational purposes."
Stealerium is spread using the traditional method of tricking victims into downloading the malware via fake emails. These often use the guise of payment demands, court summons, booking requests, etc., which have attachments in formats like ZIP, IMG, ISO, VBScript, JavaScript, or ACE files, or web links to malicious sites.
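As an added example (not from the article or from Proofpoint), here is a mail-gateway style check in Python that walks a message's MIME parts and flags attachments in the formats listed above. The file extensions mapped to those formats, the decoy-extension list, and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed extensions for the formats the article lists
# (ZIP, IMG, ISO, VBScript, JavaScript, ACE).
RISKY = {".zip", ".img", ".iso", ".vbs", ".vbe", ".js", ".jse", ".ace"}
# Assumed document-style extensions often used as a decoy before the real one.
DECOYS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}

def risky_attachments(raw_message: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for every MIME part whose name matches RISKY."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():  # also descends into forwarded message/rfc822 parts
        name = part.get_filename()
        if not name:
            continue
        # Windows ignores trailing dots and spaces, so drop them before matching.
        cleaned = name.strip().rstrip(". ").lower()
        suffixes = PurePosixPath(cleaned).suffixes
        if not suffixes or suffixes[-1] not in RISKY:
            continue
        reason = "listed format " + suffixes[-1]
        if len(suffixes) > 1 and suffixes[-2] in DECOYS:
            reason += ", decoy extension " + suffixes[-2]
        findings.append((name, reason))
    return findings

def build_sample() -> bytes:
    """Constructed lure-style message with placeholder attachment bodies."""
    msg = EmailMessage()
    msg["From"] = "billing@example.test"
    msg["To"] = "user@example.test"
    msg["Subject"] = "Payment overdue"
    msg.set_content("Please see the attached invoice.")
    for filename in ("Invoice.pdf.JS", "summons.iso", "receipt.pdf"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reason in risky_attachments(build_sample()):
        print(f"{name}: {reason}")
```

The check matches on names only; it does not open ZIP archives or disk images, so their contents need separate inspection.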
Once executed, Stealerium acts like any other infostealer: harvesting data such as browser credentials (usernames, passwords, cookies), payment card details, session tokens, and crypto wallet info.
What's different about this malware variant is that it also monitors a victim's browser for web addresses that include keywords such as "sex" and "porn," a list the attacker can customize.
Once these terms are detected in an open browser tab, Stealerium simultaneously takes a screenshot of what's on screen and photographs the victim. The attacker then receives these images via their chosen exfiltration method.
The attacker is then left with a slew of sensitive data along with compromising photos of the victim. The next step is to contact the person and blackmail them using the threat of releasing the images.
Proofpoint found Stealerium in tens of thousands of emails sent by two different but relatively small-scale hacker groups, along with other email-based hacking campaigns.
Before Stealerium, some hackers would try to convince people they had caught them in the act via their webcam by sending images of their home gathered from Google Maps and social media. They often name-dropped a popular malware strain to make the claim appear more legitimate. But malware that automatically takes webcam photos when it detects porn is "pretty much unheard of," said Proofpoint researcher Kyle Cucci, though there was a similar campaign that targeted French-speaking users in 2019, writes Wired.
