Don’t leave cameras uncovered. Webcam covers are cheap. Tape works too.
I mean, true. But I kind of feel like once you’ve got malware on your system, there are an awful lot of unpleasant things that it could manage to do. Would rather focus more on earlier lines of defense.
Once it’s installed, Stealerium is designed to steal a wide variety of data and send it to the hacker via services like Telegram, Discord, or the SMTP protocol in some variants of the spyware, all of which is relatively standard in infostealers. The researchers were more surprised to see the automated sextortion feature, which monitors browser URLs for a list of pornography-related terms such as “sex” and “porn,” which can be customized by the hacker and trigger simultaneous image captures from the user’s webcam and browser. Proofpoint notes that it hasn’t identified any specific victims of that sextortion function, but suggests that the existence of the feature means it has likely been used.
The “try and sextort” thing might be novel, but if the malware is on the system, it’s probably already swiping all the other data it can anyway.
It sounds like in this case, the aim is to try to get people to invoke executables by presenting them as ordinary data files:
In the hacking campaigns Proofpoint analyzed, cybercriminals attempted to trick users into downloading and installing Stealerium as an attachment or a web link, luring victims with typical bait like a fake payment or invoice. The emails targeted victims inside companies in the hospitality industry, as well as in education and finance, though Proofpoint notes that users outside of companies were also likely targeted but wouldn’t be seen by its monitoring tools.
Like, I kind of feel that maybe a better fix is to distinguish, at a UI level, between “safe” opening and “unsafe” opening of something. Maybe “safe” opening opens content in a process running in a container without broader access to the host or something like that, and maybe it’s the default. That’s what mobile OSes do all the time. Web browsers don’t — shouldn’t — just do unsafe things on the host just because someone viewed something in a browser — they have a restricted environment.
In a world that worked like that, you need to actively go out of your way to run something off the Internet outside of a containerized environment.
Yes. But one less thing it can do.
OMG! This is my kink. Where can I get this?! Oh no. Oh no. Don’t put that video of me out on the internet for all to see. For all to see me doing those dirty dirty things. The shame. The humiliation. Please please. I’ll do anything. ANYTHING!
Zark Muckerberg covers his webcam for a reason.
That photo is why I’ve covered my cameras; if that creepy spying fuck does it, there must be a reason.
This is where having unusual fetishes pays off, so the software has no idea you’re watching something “pornographic.”
edit: as soon as I posted I remembered what a train was.
Sorry.
I’d say they’re getting desperate to extort the few victims they manage to infect with this crap if they’re adding an extortion/blackmail component to this that isn’t your bog standard “oh files are now encrypted” malware.
Since ransomware is pretty much known to be common enough, it’s clear that people are backing up data on a regular enough basis to be resistant to it, especially if the criminal is demanding far more money than any data they managed to take hostage is worth to the person. Since cloud services are ubiquitous now, it’s likely they already have critical documents and photos backed up safely and the ransomware fails if all the user does is find someone techy to just nuke the whole system and reinstall everything from their cloud backup.
Using browser activity and webcam spying might seem clever but it’s just a reaching maneuver to extort people who would ordinarily just shrug off a ransomware infection but who still have poor enough opsec online to be affected greatly by such blackmail.
The same thing spam e-mails have claimed to have done for ages
So how does this work exactly?
“Pay up or we tell everyone that you watch porn”
There is a difference between telling and putting videos on the internet of you masturbating.
That only works if you masturbate while watching porn.
Blackmail can be very lucrative.
Exactly that