This creepy spyware watches you through your webcam and snaps incriminating photos

News
By published

Watching any XXX sites lately? This spyware will squeal on you

Two professionally dressed men talking to each other using a webcam on a virtual call.
(Image credit: Shutterstock / fizkes)
  • Two low-level cybercrime groups use Stealerium to extort victims watching porn
  • The malware takes screenshots and webcam photos, then demands payment
  • It spreads via phishing and mostly targets individuals and small industries

Cybercriminals have begun using spyware to take screenshots and webcam snapshots of people watching pornography on their computers, and then extorting them for money, experts have warned.

A report from security researchers Proofpoint claims to have seen at least two hacking groups doing this, outlining how TA2715 and TA2536, two “low sophistication” cybercrime groups, have been using an upgraded version of Stealerium, a known open source infostealer.

Stealarium itself is distributed in a regular fashion - via phishing emails spoofing invoices or payment notices. The crooks mostly targeted people in the hospitality industry, education, and finance, but Proofpoint added that other people, mostly individuals outside any workplace environment, were also likely targeted, but monitoring tools wouldn’t be able to spot them.

Rare but disgusting

Earlier versions of Stealarium aren’t much different from your garden-variety infostealer - they steal login credentials, browser cookies, credit card data (via web form scraping) session tokens from gaming services like Steam, crypto wallet data, and all sorts of sensitive files. This new variant, however, can also detect when the victim opens a tab with pornographic content, when it will grab screenshots, and bring up the webcam for a few snapshots.

“While this feature is not novel among cybercrime malware, it is not often observed,” Proofpoint said.

TA2715 and TA2536 are not popular, large, or sophisticated threat actors. Previous reports do not link it to any nation-state, and they haven’t been observed engaging in ransomware, or extorting victims for seven-figure ransoms. Therefore, it is possible that these criminals are more inclined towards targeting people of no particular interest to the general public, who would also feel shame reporting such an incident.

The best way to defend against these attacks is to deploy a strong antivirus program, and think before clicking any links or email attachments.

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.