- Two low-level cybercrime groups use Stealerium to extort victims watching porn
- The malware takes screenshots and webcam photos and then demands payment
- It spreads through phishing and mostly targets individuals and small industries

Cybercriminals have started using spyware to take screenshots and webcam snapshots of people looking at pornography on their computers, and then pressuring them for money, experts have warned.
A report from security researchers at Proofpoint says it has seen at least two hacking groups doing this, and outlines how TA2715 and TA2536, two “low sophistication” cybercrime groups, have used an upgraded version of Stealerium, a well-known open source infostealer.
Stealerium itself is distributed in the usual way: via phishing emails that spoof invoices or payment messages. The criminals mostly targeted people in the hospitality industry, education and finance, but Proofpoint added that other people, mostly individuals outside any workplace environment, were also likely to be targeted, although monitoring tools would not be able to spot them.
Rare but disgusting
Previous versions of Stealerium are not very different from garden-variety infostealers: they steal login credentials, browser cookies, credit card data (via web form scraping), session tokens from gaming services such as Steam, crypto wallet data and all kinds of sensitive files. However, this new variant can also detect when the victim opens a tab with pornographic content, at which point it grabs screenshots and activates the webcam for a few snapshots.
“Although this feature is not new to cybercrime malware, it is not often observed,” said Proofpoint.
TA2715 and TA2536 are not popular, large or sophisticated threat actors. Previous reports do not connect them with any nation-state, and they have not been observed engaging in ransomware or pressuring victims for seven-digit ransoms. Therefore, it is possible that these criminals are more likely to target people of no particular interest to the public, who would also feel shame in reporting such an incident.
The best way to defend against these attacks is to use a strong antivirus program and think before clicking on links or email attachments.



