You come home from your tiring day job to discover that your little sister has unknowingly subjected your laptop to dangerous malware. You download malware removal software and think that you’ve dealt with it, but little do you know that when you’re alone in your room, pleasing yourself in privacy, your privacy is exactly what’s compromised and you’ve been watched and recorded!
“Shut Up and Dance”, an episode of Black Mirror, a famous sci-fi anthology series on Netflix, shows a young guy being victimized by a hacker who recorded him through his webcam during private moments and later threatens to release those recordings online if he doesn’t comply with his demands. Sounds horrifying, right? But this isn’t just a fantasy anymore, as new malware of a similar nature has recently been exposed.
Something that was circulating as a rumor has now been verified to be a sextortion campaign that has been going on for over a month, watching users through their webcams as they access adult sites. Your little sister’s unknowing clicks don’t put your device at risk, but your very own intentional ones do.
The primary channel of the malware confirmed thus far is the high-traffic adult site Xvideos.com, which has been found to host malware that not only supposedly spies on what you’re doing through your webcam but also records what you’re viewing on the screen in parallel. Once you’ve finished doing what you were doing in your compromised state of privacy, the malware sends this footage back to the hacker who has been watching the live show all along.
What’s worse: someone watching you, more of you than you’d like to show, without you knowing, or what they’re going to do with that viewing next? Once you exit your session, you receive the following email:
The hacker claims to have gained access to your Facebook, Messenger, and other contact lists which s/he will use to send out your video to all the people you know and hold dear. Black Mirror warned you, didn’t it? It seems that even after your device has been turned off, the malware is still resident and able to connect your device so that the hacker may access your data and credentials.
Now, you could do one of two things: ignore this message and take the risk, or pay up in bitcoin as instructed. What’s the guarantee that the hacker will actually delete your video once you make the payment? But do you want to forgo the payment out of doubt or lack of trust and let your mother get a front-seat viewing of what you’ve been up to? At least it’s meant to end with a payment here; thank God you’re not Kenny.
The good news (yes, there is good news even in this) is that, looking into the accounts of victims who came forward, it has been found that no footage invading their privacy actually existed. Several victims did make the required payments to save face in case the threat was real, but as it turns out, the email is a scam. However, clicking on links and attachments within the email downloads hidden malware onto your device, which puts you at real risk: the malware can retrieve your internet activity, browser cookies, and login credentials. This is when the real ransom you cannot avoid starts, when your device is at risk of a lockdown and your data is being held for a payout.
GandCrab ransomware has been the most popular and notorious malware coming out of such email attachments, so it goes without saying that you should not risk opening such emails at all. Delete them from your mailbox immediately and report them as spam.
Although this particular email has been found to be a scam, we are not far from this kind of extortion becoming a reality. We’re unsure whether it may already be in effect, as in most cases the victims have been found to pay up. The particular bitcoin address in the email has already been reported for a sextortion offense earlier this year, having received USD $3,260.52 worth of bitcoin already. Pro tip: use some thick wire tape on your webcam and cover up your microphone too. Mark Zuckerberg does it, so why shouldn’t you?