New Automated Extortion Software Is So Devious You Won't Believe It
A new form of "infostealer" malware can automatically detect when you open porn on your browser, screenshot what you're looking at, take a photo of you through your webcam, and send it all to a hacker. Wired reports that this malicious tool is part of the horrifying evolution in sextortion schemes, where hackers coerce victims by threatening to release private and sexual images.
"When it comes to infostealers, they typically are looking for whatever they can grab," Selena Larson, a researcher at the cybersecurity firm Proofpoint, told Wired. "This adds another layer of privacy invasion and sensitive information that you definitely wouldn't want in the hands of a particular hacker."
The tool, known as Stealerium, caught Proofpoint's attention after the firm found the malware in tens of thousands of emails sent by two different hacking groups. Devious blackmailers don't need to plumb the depths of the dark web to find it, either. It's based on open-source malware that's readily and freely available on GitHub, where its creator claims it's "for educational purposes."
While it's been up since 2022, researchers at the firm say they've recently noticed a significant uptick in schemes delivering the Stealerium malware. In their investigation, they found that the hackers trick their victims into installing the malware by disguising it as an innocuous attachment or link. Often, they impersonate organizations like charities and banks, with subject lines like "Donation Invoice" and "Payment Due."
Once it's installed, nothing's private. The malware can quickly infiltrate practically every corner of your computer, grabbing data like your browser's saved login credentials, cookies, banking and credit card data, crypto wallets, and your chats on platforms like Signal and Discord.
The real kicker, though, is its feature that can target porn data. It can detect whenever you open NSFW content on your browser, looking for keywords like "porn" and "sex," which are customizable by the hacker. When triggered, the tool takes a screenshot of your screen and snaps a photo with your webcam.
"It's gross," Larson told Wired. "I hate it."
Even more alarming is the ease with which it exfiltrates this data. Stealerium can automatically send everything to a Discord server or through a Telegram account. Hackers using the tool have also modified it to send the data as an archive file over email, a functionality that wasn't available in the original version.
Many of the victims, Proofpoint found, worked in hospitality, education and finance. The firm hasn't found any victims on whom the porn-snooping sextortion feature was used, but that doesn't mean they aren't out there.
"For a hacker, it's not like you're taking down a multimillion-dollar company that is going to make waves and have a lot of follow-on impacts," Larson told Wired. "They're trying to monetize people one at a time. And maybe people who might be ashamed about reporting something like this."