- Two low-level cybercriminal groups use Stealerium to extort victims caught viewing porn
- Malware takes screenshots and webcam photos, then requests payment
- It is propagated by phishing and mainly targets individuals and small industries
Cybercriminals have begun using spyware to take screenshots and webcam snapshots of people viewing pornography on their computers, then extorting them for money, experts have warned.
A report by security researchers at Proofpoint says at least two hacking groups have been seen doing this, describing how TA2715 and TA2536, two “low-sophistication” cybercrime groups, used an improved version of Stealerium, an open source infostealer.
Stealerium itself is regularly distributed via phishing or payment notice emails. The crooks mainly targeted people in the hotel industry, education and finance. Proofpoint added that other people, mainly individuals outside a working environment, were also targeted, although monitoring tools would not be able to identify them.
Rare but disgusting
Previous versions of Stealerium are not very different from a garden-variety infostealer: they steal login credentials, browser cookies, credit card data (via web tracking), tokens for gaming services like Steam, crypto wallet data and all kinds of sensitive files. This new variant, however, can also detect the moment the victim opens a tab with pornographic content, at which point it captures screenshots and activates the webcam to take some snapshots.
“Although this feature is not new in cybercrime malware, it is not often observed,” said Proofpoint.
TA2715 and TA2536 are not popular, large or sophisticated actors. Previous reports do not link them to any nation-state, and they have not been observed deploying ransomware or extorting victims for seven-digit ransoms. Consequently, these criminals may be more inclined to target people of no particular interest to the general public, who would also feel ashamed to report such an incident.
The best way to defend yourself against these attacks is to deploy a solid antivirus program and think before clicking on links or attachments.