
- Two low-level cybercrime groups use Stealerium to extort victims watching porn
- The malware takes screenshots and webcam photos, then demands payment
- It spreads via phishing and mostly targets individuals and small industries
Cybercriminals have begun using spyware to take screenshots and webcam snapshots of people watching pornography on their computers, and then extorting them for money, experts have warned.
A report from security researchers at Proofpoint says they have seen at least two hacking groups doing this, outlining how TA2715 and TA2536, two “low sophistication” cybercrime groups, have been using an upgraded version of Stealerium, a known open source infostealer.
Stealerium itself is distributed in a regular fashion, via phishing emails spoofing invoices or payment notices. The crooks mostly targeted people in the hospitality industry, education, and finance. Proofpoint added that other people, mostly individuals outside any workplace environment, were also likely targeted, but monitoring tools wouldn’t be able to spot them.
Rare but disgusting
Earlier versions of Stealerium aren’t much different from your garden-variety infostealer: they steal login credentials, browser cookies, credit card data (via web form scraping), session tokens from gaming services like Steam, crypto wallet data, and all sorts of sensitive files. This new variant, however, can also detect when the victim opens a tab with pornographic content, at which point it grabs screenshots and turns on the webcam for a few snapshots.
“While this feature is not novel among cybercrime malware, it is not often observed,” Proofpoint said.
TA2715 and TA2536 are not popular, large, or sophisticated threat actors. Previous reports do not link them to any nation-state, and they haven’t been observed engaging in ransomware or extorting victims for seven-figure ransoms. Therefore, it is possible that these criminals are more inclined towards targeting people of no particular interest to the general public, who would also feel shame reporting such an incident.
The best way to defend against these attacks is to deploy a strong antivirus program, and think before clicking any links or email attachments.