New malware records screen activity as victim watches porn

The IT security researchers at ESET have discovered a nasty new malware that not only steals users’ private and financial data but also keeps an eye on their browsing activities including recording their screen whenever they watch pornographic videos.
New malware record screen activity as victim watches porn

The IT security researchers at ESET have discovered a nasty new malware that not only steals users’ private and financial data but also keeps an eye on their browsing activities including recording their screen whenever they watch pornographic videos.

Dubbed Varenyky by researchers; the malware spreads itself through spam emails. Its prime target is Windows-based computers where once the device is infected it steals login credentials, financial details, and recording screen activities while its victim “enjoys” x-rated content.

Although the malware is currently only targeting French customers using Orange S.A. ISP (formerly France Télécom S.A.) services, the campaign highlights the fact that cybercriminals are capable of blackmailing victims by threatening to leak on-screen activity and demand ransom money.

See: This malware turns itself into ransomware if you try to remove it

It is worth mentioning that a similar type of attack was previously reported in which crooks emailed victims claiming that their PC has been infected by malware and they have video of the victim during the time they were watching pornography.

The email further claimed to have access to victim’s contacts and threatened to leak the video in case they don’t pay ransom payment in Bitcoin. The email also contained victim’s password which, in some cases, was their real password stolen from previous data breaches – This type of attack is known as sextortion.

In the case of Varenyky malware, the email comes with a Microsoft document file appearing to be pending phone bill issued by Orange S.A. ISP. However, upon executing the Word file, it asks for “human verification,” which, enables macros in the background allowing malware to drop its payload.

New malware record screen activity as victim watches porn
Screenshot credit: ESET

“Overall, the email text content, the document’s filename and the “protected” content of the document emphasize to the recipients that they are dealing with a real bill and that they should open it. The quality of the French is very good; overall, the document is convincing,” said ESET researchers in their blog post.

Although researchers have identified Varenyky’s screen recording capabilities, they did not find any such video that was recorded and leveraged by the malware author, at least no yet. However, the email gives victims 72 hours to send payment in Bitcoin or the video will be sent to their contacts including friends, family, colleagues, share on social media including Twitter and Facebook, etc.

Victims are also told to refrain from to changing their passwords, cleaning their device or removing the malware “because the victim’s data is on a remote server.”

New malware record screen activity as victim watches porn
Keywords the malware looks for – Screenshot credit: ESET

“There are many functions related to possible extortion or blackmail of victims watching pornographic content, but despite having sent unrelated sextortion scam emails, the operator has not leveraged these as far as we can tell, added researchers. “This shows that the operators are actively working on their botnet and are inclined to experiment with new features that could bring a better monetization of their work,” researchers warned.

If you are on Windows, there are several things you can do to prevent Varenyky malware from infiltrating your computer. First and foremost, avoid opening emails from anonymous contacts, do not download or executes files coming from such emails, keep your system upgraded, use reliable anti-virus software and scan your device regularly.

See: ViceLeaker Android malware steals call recordings, photos, videos & texts

In case you have received such extortion email; ignore it and change all your passwords accordingly. Stay safe online.

Did you enjoy reading this article? Like our page on Facebook and follow us on Twitter.

Total
0
Shares
Related Posts