In the latest in a series of malware attacks targeting porn users, the virus prevention company ESET has, according to a Gizmodo report, discovered a new “spambot” that will create recordings of a users screen during porn-surfing sessions.
The company notes once the recording are crated, the spambots send out “sextortion” emails threatening the user with release of the porn video as well as with what the scammers say is a webcam video of “you having fun.”
The spambot, which ESET researchers christened Varenyky, was discovered in May of this year, but it was not until July that whoever is behind the malware scheme launched their first sextortion operation, according to a report by the ESET researchers posted online.
“This spambot is interesting because it can steal passwords, spy on its victims’ screen using (open source software program) FFmpeg when they watch pornographic content online,” wrote the researchers. “And communication to the Command and Control server is done through Tor, while spam is sent as regular internet traffic.”
The Command and Control server is a server operated by the scammers that communicates directly with users who have contracted the malware infection. The stolen information, including recordings of porn sessions, are secretly uploaded to the Command and Control server by the Varenyky malware program.
Tor is a worldwide system for anonymous internet use that shields the identity of users and location of their computers and servers.
The Varenyky spambot has so far been observed targeting only users of one, specific internet service provider in France, Orange S.A. The malware filters out any users from outside of France—though why the single French ISP has been targeted remains a mystery.
ESET researchers, however, say that the spambot appears to be in the heavy developmental stages, as the designers have added and often quickly removed numerous functions from the program just since May, as they look to “bring a better monetization of their work,” according to the tech magazine SC.
The software knows, or at least guesses, when a user is viewing porn online with its capability of scanning screens for keywords. When the Varenyky program identifies words related to sex or porn, it activates the recording software.
The ESET discovery of Varenyky comes just two weeks after the same group of researchers discovered a malware “ransomware” threat that disguised itself as an Android “sex simulator” app, as AVN.com reported.
Photo By Macedo Media / Wikimedia Commons Public Domain
